From 7d0eb377f9738bc9e838c2387872ca6ccaf2c104 Mon Sep 17 00:00:00 2001 From: Ron Ratovsky Date: Wed, 1 Mar 2023 08:34:14 -0800 Subject: [PATCH 001/251] Create 3.0.4.md --- versions/3.0.4.md | 3455 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 3455 insertions(+) create mode 100644 versions/3.0.4.md diff --git a/versions/3.0.4.md b/versions/3.0.4.md new file mode 100644 index 0000000000..e15a2071b0 --- /dev/null +++ b/versions/3.0.4.md @@ -0,0 +1,3455 @@ +# OpenAPI Specification + +#### Version 3.0.4 + +The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [BCP 14](https://tools.ietf.org/html/bcp14) [RFC2119](https://tools.ietf.org/html/rfc2119) [RFC8174](https://tools.ietf.org/html/rfc8174) when, and only when, they appear in all capitals, as shown here. + +This document is licensed under [The Apache License, Version 2.0](https://www.apache.org/licenses/LICENSE-2.0.html). + +## Introduction + +The OpenAPI Specification (OAS) defines a standard, language-agnostic interface to RESTful APIs which allows both humans and computers to discover and understand the capabilities of the service without access to source code, documentation, or through network traffic inspection. When properly defined, a consumer can understand and interact with the remote service with a minimal amount of implementation logic. + +An OpenAPI definition can then be used by documentation generation tools to display the API, code generation tools to generate servers and clients in various programming languages, testing tools, and many other use cases. + +## Table of Contents + + +- [Definitions](#definitions) + - [OpenAPI Document](#oasDocument) + - [Path Templating](#pathTemplating) + - [Media Types](#mediaTypes) + - [HTTP Status Codes](#httpCodes) +- [Specification](#specification) + - [Versions](#versions) + - [Format](#format) + - [Document Structure](#documentStructure) + - [Data Types](#dataTypes) + - [Rich Text Formatting](#richText) + - [Relative References In URLs](#relativeReferences) + - [Schema](#schema) + - [OpenAPI Object](#oasObject) + - [Info Object](#infoObject) + - [Contact Object](#contactObject) + - [License Object](#licenseObject) + - [Server Object](#serverObject) + - [Server Variable Object](#serverVariableObject) + - [Components Object](#componentsObject) + - [Paths Object](#pathsObject) + - [Path Item Object](#pathItemObject) + - [Operation Object](#operationObject) + - [External Documentation Object](#externalDocumentationObject) + - [Parameter Object](#parameterObject) + - [Request Body Object](#requestBodyObject) + - [Media Type Object](#mediaTypeObject) + - [Encoding Object](#encodingObject) + - [Responses Object](#responsesObject) + - [Response Object](#responseObject) + - [Callback Object](#callbackObject) + - [Example Object](#exampleObject) + - [Link Object](#linkObject) + - [Header Object](#headerObject) + - [Tag Object](#tagObject) + - [Reference Object](#referenceObject) + - [Schema Object](#schemaObject) + - [Discriminator Object](#discriminatorObject) + - [XML Object](#xmlObject) + - [Security Scheme Object](#securitySchemeObject) + - [OAuth Flows Object](#oauthFlowsObject) + - [OAuth Flow Object](#oauthFlowObject) + - [Security Requirement Object](#securityRequirementObject) + - [Specification Extensions](#specificationExtensions) + - [Security Filtering](#securityFiltering) +- [Appendix A: Revision History](#revisionHistory) + + + + +## Definitions + +##### OpenAPI Document +A document (or set of documents) that defines or describes an API. An OpenAPI definition uses and conforms to the OpenAPI Specification. + +##### Path Templating +Path templating refers to the usage of template expressions, delimited by curly braces ({}), to mark a section of a URL path as replaceable using path parameters. + +Each template expression in the path MUST correspond to a path parameter that is included in the [Path Item](#path-item-object) itself and/or in each of the Path Item's [Operations](#operation-object). + +##### Media Types +Media type definitions are spread across several resources. +The media type definitions SHOULD be in compliance with [RFC6838](https://tools.ietf.org/html/rfc6838). + +Some examples of possible media type definitions: +``` + text/plain; charset=utf-8 + application/json + application/vnd.github+json + application/vnd.github.v3+json + application/vnd.github.v3.raw+json + application/vnd.github.v3.text+json + application/vnd.github.v3.html+json + application/vnd.github.v3.full+json + application/vnd.github.v3.diff + application/vnd.github.v3.patch +``` +##### HTTP Status Codes +The HTTP Status Codes are used to indicate the status of the executed operation. +The available status codes are defined by [RFC7231](https://tools.ietf.org/html/rfc7231#section-6) and registered status codes are listed in the [IANA Status Code Registry](https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml). + +## Specification + +### Versions + +The OpenAPI Specification is versioned using [Semantic Versioning 2.0.0](https://semver.org/spec/v2.0.0.html) (semver) and follows the semver specification. + +The `major`.`minor` portion of the semver (for example `3.0`) SHALL designate the OAS feature set. Typically, *`.patch`* versions address errors in this document, not the feature set. Tooling which supports OAS 3.0 SHOULD be compatible with all OAS 3.0.\* versions. The patch version SHOULD NOT be considered by tooling, making no distinction between `3.0.0` and `3.0.1` for example. + +Each new minor version of the OpenAPI Specification SHALL allow any OpenAPI document that is valid against any previous minor version of the Specification, within the same major version, to be updated to the new Specification version with equivalent semantics. Such an update MUST only require changing the `openapi` property to the new minor version. + +For example, a valid OpenAPI 3.0.2 document, upon changing its `openapi` property to `3.1.0`, SHALL be a valid OpenAPI 3.1.0 document, semantically equivalent to the original OpenAPI 3.0.2 document. New minor versions of the OpenAPI Specification MUST be written to ensure this form of backward compatibility. + +An OpenAPI document compatible with OAS 3.\*.\* contains a required [`openapi`](#oasVersion) field which designates the semantic version of the OAS that it uses. (OAS 2.0 documents contain a top-level version field named [`swagger`](https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#swaggerObject) and value `"2.0"`.) + +### Format + +An OpenAPI document that conforms to the OpenAPI Specification is itself a JSON object, which may be represented either in JSON or YAML format. + +For example, if a field has an array value, the JSON array representation will be used: + +```json +{ + "field": [ 1, 2, 3 ] +} +``` +All field names in the specification are **case sensitive**. +This includes all fields that are used as keys in a map, except where explicitly noted that keys are **case insensitive**. + +The schema exposes two types of fields: Fixed fields, which have a declared name, and Patterned fields, which declare a regex pattern for the field name. + +Patterned fields MUST have unique names within the containing object. + +In order to preserve the ability to round-trip between YAML and JSON formats, YAML version [1.2](https://yaml.org/spec/1.2/spec.html) is RECOMMENDED along with some additional constraints: + +- Tags MUST be limited to those allowed by the [JSON Schema ruleset](https://yaml.org/spec/1.2/spec.html#id2803231). +- Keys used in YAML maps MUST be limited to a scalar string, as defined by the [YAML Failsafe schema ruleset](https://yaml.org/spec/1.2/spec.html#id2802346). + +**Note:** While APIs may be defined by OpenAPI documents in either YAML or JSON format, the API request and response bodies and other content are not required to be JSON or YAML. + +### Document Structure + +An OpenAPI document MAY be made up of a single document or be divided into multiple, connected parts at the discretion of the user. In the latter case, `$ref` fields MUST be used in the specification to reference those parts as follows from the [JSON Schema](https://json-schema.org) definitions. + +It is RECOMMENDED that the root OpenAPI document be named: `openapi.json` or `openapi.yaml`. + +### Data Types + +Primitive data types in the OAS are based on the types supported by the [JSON Schema Specification Wright Draft 00](https://tools.ietf.org/html/draft-wright-json-schema-00#section-4.2). +Note that `integer` as a type is also supported and is defined as a JSON number without a fraction or exponent part. +`null` is not supported as a type (see [`nullable`](#schemaNullable) for an alternative solution). +Models are defined using the [Schema Object](#schemaObject), which is an extended subset of JSON Schema Specification Wright Draft 00. + +Primitives have an optional modifier property: `format`. +OAS uses several known formats to define in fine detail the data type being used. +However, to support documentation needs, the `format` property is an open `string`-valued property, and can have any value. +Formats such as `"email"`, `"uuid"`, and so on, MAY be used even though undefined by this specification. +Types that are not accompanied by a `format` property follow the type definition in the JSON Schema. Tools that do not recognize a specific `format` MAY default back to the `type` alone, as if the `format` is not specified. + +The formats defined by the OAS are: + +[`type`](#dataTypes) | [`format`](#dataTypeFormat) | Comments +------ | -------- | -------- +`integer` | `int32` | signed 32 bits +`integer` | `int64` | signed 64 bits (a.k.a long) +`number` | `float` | | +`number` | `double` | | +`string` | | | +`string` | `byte` | base64 encoded characters +`string` | `binary` | any sequence of octets +`boolean` | | | +`string` | `date` | As defined by `full-date` - [RFC3339](https://xml2rfc.ietf.org/public/rfc/html/rfc3339.html#anchor14) +`string` | `date-time` | As defined by `date-time` - [RFC3339](https://xml2rfc.ietf.org/public/rfc/html/rfc3339.html#anchor14) +`string` | `password` | A hint to UIs to obscure input. + + +### Rich Text Formatting +Throughout the specification `description` fields are noted as supporting CommonMark markdown formatting. +Where OpenAPI tooling renders rich text it MUST support, at a minimum, markdown syntax as described by [CommonMark 0.27](https://spec.commonmark.org/0.27/). Tooling MAY choose to ignore some CommonMark features to address security concerns. + +### Relative References in URLs + +Unless specified otherwise, all properties that are URLs MAY be relative references as defined by [RFC3986](https://tools.ietf.org/html/rfc3986#section-4.2). +Relative references are resolved using the URLs defined in the [`Server Object`](#serverObject) as a Base URI. + +Relative references used in `$ref` are processed as per [JSON Reference](https://tools.ietf.org/html/draft-pbryan-zyp-json-ref-03), using the URL of the current document as the base URI. See also the [Reference Object](#referenceObject). + +### Schema + +In the following description, if a field is not explicitly **REQUIRED** or described with a MUST or SHALL, it can be considered OPTIONAL. + +#### OpenAPI Object + +This is the root document object of the [OpenAPI document](#oasDocument). + +##### Fixed Fields + +Field Name | Type | Description +---|:---:|--- +openapi | `string` | **REQUIRED**. This string MUST be the [semantic version number](https://semver.org/spec/v2.0.0.html) of the [OpenAPI Specification version](#versions) that the OpenAPI document uses. The `openapi` field SHOULD be used by tooling specifications and clients to interpret the OpenAPI document. This is *not* related to the API [`info.version`](#infoVersion) string. +info | [Info Object](#infoObject) | **REQUIRED**. Provides metadata about the API. The metadata MAY be used by tooling as required. +servers | [[Server Object](#serverObject)] | An array of Server Objects, which provide connectivity information to a target server. If the `servers` property is not provided, or is an empty array, the default value would be a [Server Object](#serverObject) with a [url](#serverUrl) value of `/`. +paths | [Paths Object](#pathsObject) | **REQUIRED**. The available paths and operations for the API. +components | [Components Object](#componentsObject) | An element to hold various schemas for the specification. +security | [[Security Requirement Object](#securityRequirementObject)] | A declaration of which security mechanisms can be used across the API. The list of values includes alternative security requirement objects that can be used. Only one of the security requirement objects need to be satisfied to authorize a request. Individual operations can override this definition. To make security optional, an empty security requirement (`{}`) can be included in the array. +tags | [[Tag Object](#tagObject)] | A list of tags used by the specification with additional metadata. The order of the tags can be used to reflect on their order by the parsing tools. Not all tags that are used by the [Operation Object](#operationObject) must be declared. The tags that are not declared MAY be organized randomly or based on the tools' logic. Each tag name in the list MUST be unique. +externalDocs | [External Documentation Object](#externalDocumentationObject) | Additional external documentation. + +This object MAY be extended with [Specification Extensions](#specificationExtensions). + +#### Info Object + +The object provides metadata about the API. +The metadata MAY be used by the clients if needed, and MAY be presented in editing or documentation generation tools for convenience. + +##### Fixed Fields + +Field Name | Type | Description +---|:---:|--- +title | `string` | **REQUIRED**. The title of the API. +description | `string` | A short description of the API. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. +termsOfService | `string` | A URL to the Terms of Service for the API. MUST be in the format of a URL. +contact | [Contact Object](#contactObject) | The contact information for the exposed API. +license | [License Object](#licenseObject) | The license information for the exposed API. +version | `string` | **REQUIRED**. The version of the OpenAPI document (which is distinct from the [OpenAPI Specification version](#oasVersion) or the API implementation version). + + +This object MAY be extended with [Specification Extensions](#specificationExtensions). + +##### Info Object Example + +```json +{ + "title": "Sample Pet Store App", + "description": "This is a sample server for a pet store.", + "termsOfService": "http://example.com/terms/", + "contact": { + "name": "API Support", + "url": "http://www.example.com/support", + "email": "support@example.com" + }, + "license": { + "name": "Apache 2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0.html" + }, + "version": "1.0.1" +} +``` + +```yaml +title: Sample Pet Store App +description: This is a sample server for a pet store. +termsOfService: http://example.com/terms/ +contact: + name: API Support + url: http://www.example.com/support + email: support@example.com +license: + name: Apache 2.0 + url: https://www.apache.org/licenses/LICENSE-2.0.html +version: 1.0.1 +``` + +#### Contact Object + +Contact information for the exposed API. + +##### Fixed Fields + +Field Name | Type | Description +---|:---:|--- +name | `string` | The identifying name of the contact person/organization. +url | `string` | The URL pointing to the contact information. MUST be in the format of a URL. +email | `string` | The email address of the contact person/organization. MUST be in the format of an email address. + +This object MAY be extended with [Specification Extensions](#specificationExtensions). + +##### Contact Object Example + +```json +{ + "name": "API Support", + "url": "http://www.example.com/support", + "email": "support@example.com" +} +``` + +```yaml +name: API Support +url: http://www.example.com/support +email: support@example.com +``` + +#### License Object + +License information for the exposed API. + +##### Fixed Fields + +Field Name | Type | Description +---|:---:|--- +name | `string` | **REQUIRED**. The license name used for the API. +url | `string` | A URL to the license used for the API. MUST be in the format of a URL. + +This object MAY be extended with [Specification Extensions](#specificationExtensions). + +##### License Object Example + +```json +{ + "name": "Apache 2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0.html" +} +``` + +```yaml +name: Apache 2.0 +url: https://www.apache.org/licenses/LICENSE-2.0.html +``` + +#### Server Object + +An object representing a Server. + +##### Fixed Fields + +Field Name | Type | Description +---|:---:|--- +url | `string` | **REQUIRED**. A URL to the target host. This URL supports Server Variables and MAY be relative, to indicate that the host location is relative to the location where the OpenAPI document is being served. Variable substitutions will be made when a variable is named in `{`brackets`}`. +description | `string` | An optional string describing the host designated by the URL. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. +variables | Map[`string`, [Server Variable Object](#serverVariableObject)] | A map between a variable name and its value. The value is used for substitution in the server's URL template. + +This object MAY be extended with [Specification Extensions](#specificationExtensions). + +##### Server Object Example + +A single server would be described as: + +```json +{ + "url": "https://development.gigantic-server.com/v1", + "description": "Development server" +} +``` + +```yaml +url: https://development.gigantic-server.com/v1 +description: Development server +``` + +The following shows how multiple servers can be described, for example, at the OpenAPI Object's [`servers`](#oasServers): + +```json +{ + "servers": [ + { + "url": "https://development.gigantic-server.com/v1", + "description": "Development server" + }, + { + "url": "https://staging.gigantic-server.com/v1", + "description": "Staging server" + }, + { + "url": "https://api.gigantic-server.com/v1", + "description": "Production server" + } + ] +} +``` + +```yaml +servers: +- url: https://development.gigantic-server.com/v1 + description: Development server +- url: https://staging.gigantic-server.com/v1 + description: Staging server +- url: https://api.gigantic-server.com/v1 + description: Production server +``` + +The following shows how variables can be used for a server configuration: + +```json +{ + "servers": [ + { + "url": "https://{username}.gigantic-server.com:{port}/{basePath}", + "description": "The production API server", + "variables": { + "username": { + "default": "demo", + "description": "this value is assigned by the service provider, in this example `gigantic-server.com`" + }, + "port": { + "enum": [ + "8443", + "443" + ], + "default": "8443" + }, + "basePath": { + "default": "v2" + } + } + } + ] +} +``` + +```yaml +servers: +- url: https://{username}.gigantic-server.com:{port}/{basePath} + description: The production API server + variables: + username: + # note! no enum here means it is an open value + default: demo + description: this value is assigned by the service provider, in this example `gigantic-server.com` + port: + enum: + - '8443' + - '443' + default: '8443' + basePath: + # open meaning there is the opportunity to use special base paths as assigned by the provider, default is `v2` + default: v2 +``` + + +#### Server Variable Object + +An object representing a Server Variable for server URL template substitution. + +##### Fixed Fields + +Field Name | Type | Description +---|:---:|--- +enum | [`string`] | An enumeration of string values to be used if the substitution options are from a limited set. The array SHOULD NOT be empty. +default | `string` | **REQUIRED**. The default value to use for substitution, which SHALL be sent if an alternate value is _not_ supplied. Note this behavior is different than the [Schema Object's](#schemaObject) treatment of default values, because in those cases parameter values are optional. If the [`enum`](#serverVariableEnum) is defined, the value SHOULD exist in the enum's values. +description | `string` | An optional description for the server variable. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. + +This object MAY be extended with [Specification Extensions](#specificationExtensions). + +#### Components Object + +Holds a set of reusable objects for different aspects of the OAS. +All objects defined within the components object will have no effect on the API unless they are explicitly referenced from properties outside the components object. + + +##### Fixed Fields + +Field Name | Type | Description +---|:---|--- + schemas | Map[`string`, [Schema Object](#schemaObject) \| [Reference Object](#referenceObject)] | An object to hold reusable [Schema Objects](#schemaObject). + responses | Map[`string`, [Response Object](#responseObject) \| [Reference Object](#referenceObject)] | An object to hold reusable [Response Objects](#responseObject). + parameters | Map[`string`, [Parameter Object](#parameterObject) \| [Reference Object](#referenceObject)] | An object to hold reusable [Parameter Objects](#parameterObject). + examples | Map[`string`, [Example Object](#exampleObject) \| [Reference Object](#referenceObject)] | An object to hold reusable [Example Objects](#exampleObject). + requestBodies | Map[`string`, [Request Body Object](#requestBodyObject) \| [Reference Object](#referenceObject)] | An object to hold reusable [Request Body Objects](#requestBodyObject). + headers | Map[`string`, [Header Object](#headerObject) \| [Reference Object](#referenceObject)] | An object to hold reusable [Header Objects](#headerObject). + securitySchemes| Map[`string`, [Security Scheme Object](#securitySchemeObject) \| [Reference Object](#referenceObject)] | An object to hold reusable [Security Scheme Objects](#securitySchemeObject). + links | Map[`string`, [Link Object](#linkObject) \| [Reference Object](#referenceObject)] | An object to hold reusable [Link Objects](#linkObject). + callbacks | Map[`string`, [Callback Object](#callbackObject) \| [Reference Object](#referenceObject)] | An object to hold reusable [Callback Objects](#callbackObject). + +This object MAY be extended with [Specification Extensions](#specificationExtensions). + +All the fixed fields declared above are objects that MUST use keys that match the regular expression: `^[a-zA-Z0-9\.\-_]+$`. + +Field Name Examples: + +``` +User +User_1 +User_Name +user-name +my.org.User +``` + +##### Components Object Example + +```json +"components": { + "schemas": { + "GeneralError": { + "type": "object", + "properties": { + "code": { + "type": "integer", + "format": "int32" + }, + "message": { + "type": "string" + } + } + }, + "Category": { + "type": "object", + "properties": { + "id": { + "type": "integer", + "format": "int64" + }, + "name": { + "type": "string" + } + } + }, + "Tag": { + "type": "object", + "properties": { + "id": { + "type": "integer", + "format": "int64" + }, + "name": { + "type": "string" + } + } + } + }, + "parameters": { + "skipParam": { + "name": "skip", + "in": "query", + "description": "number of items to skip", + "required": true, + "schema": { + "type": "integer", + "format": "int32" + } + }, + "limitParam": { + "name": "limit", + "in": "query", + "description": "max records to return", + "required": true, + "schema" : { + "type": "integer", + "format": "int32" + } + } + }, + "responses": { + "NotFound": { + "description": "Entity not found." + }, + "IllegalInput": { + "description": "Illegal input for operation." + }, + "GeneralError": { + "description": "General Error", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/GeneralError" + } + } + } + } + }, + "securitySchemes": { + "api_key": { + "type": "apiKey", + "name": "api_key", + "in": "header" + }, + "petstore_auth": { + "type": "oauth2", + "flows": { + "implicit": { + "authorizationUrl": "http://example.org/api/oauth/dialog", + "scopes": { + "write:pets": "modify pets in your account", + "read:pets": "read your pets" + } + } + } + } + } +} +``` + +```yaml +components: + schemas: + GeneralError: + type: object + properties: + code: + type: integer + format: int32 + message: + type: string + Category: + type: object + properties: + id: + type: integer + format: int64 + name: + type: string + Tag: + type: object + properties: + id: + type: integer + format: int64 + name: + type: string + parameters: + skipParam: + name: skip + in: query + description: number of items to skip + required: true + schema: + type: integer + format: int32 + limitParam: + name: limit + in: query + description: max records to return + required: true + schema: + type: integer + format: int32 + responses: + NotFound: + description: Entity not found. + IllegalInput: + description: Illegal input for operation. + GeneralError: + description: General Error + content: + application/json: + schema: + $ref: '#/components/schemas/GeneralError' + securitySchemes: + api_key: + type: apiKey + name: api_key + in: header + petstore_auth: + type: oauth2 + flows: + implicit: + authorizationUrl: http://example.org/api/oauth/dialog + scopes: + write:pets: modify pets in your account + read:pets: read your pets +``` + + +#### Paths Object + +Holds the relative paths to the individual endpoints and their operations. +The path is appended to the URL from the [`Server Object`](#serverObject) in order to construct the full URL. The Paths MAY be empty, due to [ACL constraints](#securityFiltering). + +##### Patterned Fields + +Field Pattern | Type | Description +---|:---:|--- +/{path} | [Path Item Object](#pathItemObject) | A relative path to an individual endpoint. The field name MUST begin with a forward slash (`/`). The path is **appended** (no relative URL resolution) to the expanded URL from the [`Server Object`](#serverObject)'s `url` field in order to construct the full URL. [Path templating](#pathTemplating) is allowed. When matching URLs, concrete (non-templated) paths would be matched before their templated counterparts. Templated paths with the same hierarchy but different templated names MUST NOT exist as they are identical. In case of ambiguous matching, it's up to the tooling to decide which one to use. + +This object MAY be extended with [Specification Extensions](#specificationExtensions). + +##### Path Templating Matching + +Assuming the following paths, the concrete definition, `/pets/mine`, will be matched first if used: + +``` + /pets/{petId} + /pets/mine +``` + +The following paths are considered identical and invalid: + +``` + /pets/{petId} + /pets/{name} +``` + +The following may lead to ambiguous resolution: + +``` + /{entity}/me + /books/{id} +``` + +##### Paths Object Example + +```json +{ + "/pets": { + "get": { + "description": "Returns all pets from the system that the user has access to", + "responses": { + "200": { + "description": "A list of pets.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/pet" + } + } + } + } + } + } + } + } +} +``` + +```yaml +/pets: + get: + description: Returns all pets from the system that the user has access to + responses: + '200': + description: A list of pets. + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/pet' +``` + +#### Path Item Object + +Describes the operations available on a single path. +A Path Item MAY be empty, due to [ACL constraints](#securityFiltering). +The path itself is still exposed to the documentation viewer but they will not know which operations and parameters are available. + +##### Fixed Fields + +Field Name | Type | Description +---|:---:|--- +$ref | `string` | Allows for an external definition of this path item. The referenced structure MUST be in the format of a [Path Item Object](#pathItemObject). In case a Path Item Object field appears both in the defined object and the referenced object, the behavior is undefined. +summary| `string` | An optional, string summary, intended to apply to all operations in this path. +description | `string` | An optional, string description, intended to apply to all operations in this path. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. +get | [Operation Object](#operationObject) | A definition of a GET operation on this path. +put | [Operation Object](#operationObject) | A definition of a PUT operation on this path. +post | [Operation Object](#operationObject) | A definition of a POST operation on this path. +delete | [Operation Object](#operationObject) | A definition of a DELETE operation on this path. +options | [Operation Object](#operationObject) | A definition of a OPTIONS operation on this path. +head | [Operation Object](#operationObject) | A definition of a HEAD operation on this path. +patch | [Operation Object](#operationObject) | A definition of a PATCH operation on this path. +trace | [Operation Object](#operationObject) | A definition of a TRACE operation on this path. +servers | [[Server Object](#serverObject)] | An alternative `server` array to service all operations in this path. +parameters | [[Parameter Object](#parameterObject) \| [Reference Object](#referenceObject)] | A list of parameters that are applicable for all the operations described under this path. These parameters can be overridden at the operation level, but cannot be removed there. The list MUST NOT include duplicated parameters. A unique parameter is defined by a combination of a [name](#parameterName) and [location](#parameterIn). The list can use the [Reference Object](#referenceObject) to link to parameters that are defined at the [OpenAPI Object's components/parameters](#componentsParameters). + + +This object MAY be extended with [Specification Extensions](#specificationExtensions). + +##### Path Item Object Example + +```json +{ + "get": { + "description": "Returns pets based on ID", + "summary": "Find pets by ID", + "operationId": "getPetsById", + "responses": { + "200": { + "description": "pet response", + "content": { + "*/*": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Pet" + } + } + } + } + }, + "default": { + "description": "error payload", + "content": { + "text/html": { + "schema": { + "$ref": "#/components/schemas/ErrorModel" + } + } + } + } + } + }, + "parameters": [ + { + "name": "id", + "in": "path", + "description": "ID of pet to use", + "required": true, + "schema": { + "type": "array", + "items": { + "type": "string" + } + }, + "style": "simple" + } + ] +} +``` + +```yaml +get: + description: Returns pets based on ID + summary: Find pets by ID + operationId: getPetsById + responses: + '200': + description: pet response + content: + '*/*' : + schema: + type: array + items: + $ref: '#/components/schemas/Pet' + default: + description: error payload + content: + 'text/html': + schema: + $ref: '#/components/schemas/ErrorModel' +parameters: +- name: id + in: path + description: ID of pet to use + required: true + schema: + type: array + items: + type: string + style: simple +``` + +#### Operation Object + +Describes a single API operation on a path. + +##### Fixed Fields + +Field Name | Type | Description +---|:---:|--- +tags | [`string`] | A list of tags for API documentation control. Tags can be used for logical grouping of operations by resources or any other qualifier. +summary | `string` | A short summary of what the operation does. +description | `string` | A verbose explanation of the operation behavior. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. +externalDocs | [External Documentation Object](#externalDocumentationObject) | Additional external documentation for this operation. +operationId | `string` | Unique string used to identify the operation. The id MUST be unique among all operations described in the API. The operationId value is **case-sensitive**. Tools and libraries MAY use the operationId to uniquely identify an operation, therefore, it is RECOMMENDED to follow common programming naming conventions. +parameters | [[Parameter Object](#parameterObject) \| [Reference Object](#referenceObject)] | A list of parameters that are applicable for this operation. If a parameter is already defined at the [Path Item](#pathItemParameters), the new definition will override it but can never remove it. The list MUST NOT include duplicated parameters. A unique parameter is defined by a combination of a [name](#parameterName) and [location](#parameterIn). The list can use the [Reference Object](#referenceObject) to link to parameters that are defined at the [OpenAPI Object's components/parameters](#componentsParameters). +requestBody | [Request Body Object](#requestBodyObject) \| [Reference Object](#referenceObject) | The request body applicable for this operation. The `requestBody` is only supported in HTTP methods where the HTTP 1.1 specification [RFC7231](https://tools.ietf.org/html/rfc7231#section-4.3.1) has explicitly defined semantics for request bodies. In other cases where the HTTP spec is vague, `requestBody` SHALL be ignored by consumers. +responses | [Responses Object](#responsesObject) | **REQUIRED**. The list of possible responses as they are returned from executing this operation. +callbacks | Map[`string`, [Callback Object](#callbackObject) \| [Reference Object](#referenceObject)] | A map of possible out-of band callbacks related to the parent operation. The key is a unique identifier for the Callback Object. Each value in the map is a [Callback Object](#callbackObject) that describes a request that may be initiated by the API provider and the expected responses. +deprecated | `boolean` | Declares this operation to be deprecated. Consumers SHOULD refrain from usage of the declared operation. Default value is `false`. +security | [[Security Requirement Object](#securityRequirementObject)] | A declaration of which security mechanisms can be used for this operation. The list of values includes alternative security requirement objects that can be used. Only one of the security requirement objects need to be satisfied to authorize a request. To make security optional, an empty security requirement (`{}`) can be included in the array. This definition overrides any declared top-level [`security`](#oasSecurity). To remove a top-level security declaration, an empty array can be used. +servers | [[Server Object](#serverObject)] | An alternative `server` array to service this operation. If an alternative `server` object is specified at the Path Item Object or Root level, it will be overridden by this value. + +This object MAY be extended with [Specification Extensions](#specificationExtensions). + +##### Operation Object Example + +```json +{ + "tags": [ + "pet" + ], + "summary": "Updates a pet in the store with form data", + "operationId": "updatePetWithForm", + "parameters": [ + { + "name": "petId", + "in": "path", + "description": "ID of pet that needs to be updated", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/x-www-form-urlencoded": { + "schema": { + "type": "object", + "properties": { + "name": { + "description": "Updated name of the pet", + "type": "string" + }, + "status": { + "description": "Updated status of the pet", + "type": "string" + } + }, + "required": ["status"] + } + } + } + }, + "responses": { + "200": { + "description": "Pet updated.", + "content": { + "application/json": {}, + "application/xml": {} + } + }, + "405": { + "description": "Method Not Allowed", + "content": { + "application/json": {}, + "application/xml": {} + } + } + }, + "security": [ + { + "petstore_auth": [ + "write:pets", + "read:pets" + ] + } + ] +} +``` + +```yaml +tags: +- pet +summary: Updates a pet in the store with form data +operationId: updatePetWithForm +parameters: +- name: petId + in: path + description: ID of pet that needs to be updated + required: true + schema: + type: string +requestBody: + content: + 'application/x-www-form-urlencoded': + schema: + properties: + name: + description: Updated name of the pet + type: string + status: + description: Updated status of the pet + type: string + required: + - status +responses: + '200': + description: Pet updated. + content: + 'application/json': {} + 'application/xml': {} + '405': + description: Method Not Allowed + content: + 'application/json': {} + 'application/xml': {} +security: +- petstore_auth: + - write:pets + - read:pets +``` + + +#### External Documentation Object + +Allows referencing an external resource for extended documentation. + +##### Fixed Fields + +Field Name | Type | Description +---|:---:|--- +description | `string` | A short description of the target documentation. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. +url | `string` | **REQUIRED**. The URL for the target documentation. Value MUST be in the format of a URL. + +This object MAY be extended with [Specification Extensions](#specificationExtensions). + +##### External Documentation Object Example + +```json +{ + "description": "Find more info here", + "url": "https://example.com" +} +``` + +```yaml +description: Find more info here +url: https://example.com +``` + +#### Parameter Object + +Describes a single operation parameter. + +A unique parameter is defined by a combination of a [name](#parameterName) and [location](#parameterIn). + +##### Parameter Locations +There are four possible parameter locations specified by the `in` field: +* path - Used together with [Path Templating](#pathTemplating), where the parameter value is actually part of the operation's URL. This does not include the host or base path of the API. For example, in `/items/{itemId}`, the path parameter is `itemId`. +* query - Parameters that are appended to the URL. For example, in `/items?id=###`, the query parameter is `id`. +* header - Custom headers that are expected as part of the request. Note that [RFC7230](https://tools.ietf.org/html/rfc7230#page-22) states header names are case insensitive. +* cookie - Used to pass a specific cookie value to the API. + + +##### Fixed Fields +Field Name | Type | Description +---|:---:|--- +name | `string` | **REQUIRED**. The name of the parameter. Parameter names are *case sensitive*. +in | `string` | **REQUIRED**. The location of the parameter. Possible values are `"query"`, `"header"`, `"path"` or `"cookie"`. +description | `string` | A brief description of the parameter. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. +required | `boolean` | Determines whether this parameter is mandatory. If the [parameter location](#parameterIn) is `"path"`, this property is **REQUIRED** and its value MUST be `true`. Otherwise, the property MAY be included and its default value is `false`. + deprecated | `boolean` | Specifies that a parameter is deprecated and SHOULD be transitioned out of usage. Default value is `false`. + allowEmptyValue | `boolean` | Sets the ability to pass empty-valued parameters. This is valid only for `query` parameters and allows sending a parameter with an empty value. Default value is `false`. If [`style`](#parameterStyle) is used, and if behavior is `n/a` (cannot be serialized), the value of `allowEmptyValue` SHALL be ignored. Use of this property is NOT RECOMMENDED, as it is likely to be removed in a later revision. + +The rules for serialization of the parameter are specified in one of two ways. +For simpler scenarios, a [`schema`](#parameterSchema) and [`style`](#parameterStyle) can describe the structure and syntax of the parameter. + +Field Name | Type | Description +---|:---:|--- +style | `string` | Describes how the parameter value will be serialized depending on the type of the parameter value. Default values (based on value of `in`): for `query` - `form`; for `path` - `simple`; for `header` - `simple`; for `cookie` - `form`. +explode | `boolean` | When this is true, parameter values of type `array` or `object` generate separate parameters for each value of the array or key-value pair of the map. For other types of parameters this property has no effect. When [`style`](#parameterStyle) is `form`, the default value is `true`. For all other styles, the default value is `false`. +allowReserved | `boolean` | Determines whether the parameter value SHOULD allow reserved characters, as defined by [RFC3986](https://tools.ietf.org/html/rfc3986#section-2.2) `:/?#[]@!$&'()*+,;=` to be included without percent-encoding. This property only applies to parameters with an `in` value of `query`. The default value is `false`. +schema | [Schema Object](#schemaObject) \| [Reference Object](#referenceObject) | The schema defining the type used for the parameter. +example | Any | Example of the parameter's potential value. The example SHOULD match the specified schema and encoding properties if present. The `example` field is mutually exclusive of the `examples` field. Furthermore, if referencing a `schema` that contains an example, the `example` value SHALL _override_ the example provided by the schema. To represent examples of media types that cannot naturally be represented in JSON or YAML, a string value can contain the example with escaping where necessary. +examples | Map[ `string`, [Example Object](#exampleObject) \| [Reference Object](#referenceObject)] | Examples of the parameter's potential value. Each example SHOULD contain a value in the correct format as specified in the parameter encoding. The `examples` field is mutually exclusive of the `example` field. Furthermore, if referencing a `schema` that contains an example, the `examples` value SHALL _override_ the example provided by the schema. + +For more complex scenarios, the [`content`](#parameterContent) property can define the media type and schema of the parameter. +A parameter MUST contain either a `schema` property, or a `content` property, but not both. +When `example` or `examples` are provided in conjunction with the `schema` object, the example MUST follow the prescribed serialization strategy for the parameter. + + +Field Name | Type | Description +---|:---:|--- +content | Map[`string`, [Media Type Object](#mediaTypeObject)] | A map containing the representations for the parameter. The key is the media type and the value describes it. The map MUST only contain one entry. + +##### Style Values + +In order to support common ways of serializing simple parameters, a set of `style` values are defined. + +`style` | [`type`](#dataTypes) | `in` | Comments +----------- | ------ | -------- | -------- +matrix | `primitive`, `array`, `object` | `path` | Path-style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.7) +label | `primitive`, `array`, `object` | `path` | Label style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.5) +form | `primitive`, `array`, `object` | `query`, `cookie` | Form style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.8). This option replaces `collectionFormat` with a `csv` (when `explode` is false) or `multi` (when `explode` is true) value from OpenAPI 2.0. +simple | `array` | `path`, `header` | Simple style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.2). This option replaces `collectionFormat` with a `csv` value from OpenAPI 2.0. +spaceDelimited | `array` | `query` | Space separated array values. This option replaces `collectionFormat` equal to `ssv` from OpenAPI 2.0. +pipeDelimited | `array` | `query` | Pipe separated array values. This option replaces `collectionFormat` equal to `pipes` from OpenAPI 2.0. +deepObject | `object` | `query` | Provides a simple way of rendering nested objects using form parameters. + + +##### Style Examples + +Assume a parameter named `color` has one of the following values: + +``` + string -> "blue" + array -> ["blue","black","brown"] + object -> { "R": 100, "G": 200, "B": 150 } +``` +The following table shows examples of rendering differences for each value. + +[`style`](#dataTypeFormat) | `explode` | `empty` | `string` | `array` | `object` +----------- | ------ | -------- | -------- | -------- | ------- +matrix | false | ;color | ;color=blue | ;color=blue,black,brown | ;color=R,100,G,200,B,150 +matrix | true | ;color | ;color=blue | ;color=blue;color=black;color=brown | ;R=100;G=200;B=150 +label | false | . | .blue | .blue.black.brown | .R.100.G.200.B.150 +label | true | . | .blue | .blue.black.brown | .R=100.G=200.B=150 +form | false | color= | color=blue | color=blue,black,brown | color=R,100,G,200,B,150 +form | true | color= | color=blue | color=blue&color=black&color=brown | R=100&G=200&B=150 +simple | false | n/a | blue | blue,black,brown | R,100,G,200,B,150 +simple | true | n/a | blue | blue,black,brown | R=100,G=200,B=150 +spaceDelimited | false | n/a | n/a | blue%20black%20brown | R%20100%20G%20200%20B%20150 +pipeDelimited | false | n/a | n/a | blue\|black\|brown | R\|100\|G\|200\|B\|150 +deepObject | true | n/a | n/a | n/a | color[R]=100&color[G]=200&color[B]=150 + +This object MAY be extended with [Specification Extensions](#specificationExtensions). + +##### Parameter Object Examples + +A header parameter with an array of 64 bit integer numbers: + +```json +{ + "name": "token", + "in": "header", + "description": "token to be passed as a header", + "required": true, + "schema": { + "type": "array", + "items": { + "type": "integer", + "format": "int64" + } + }, + "style": "simple" +} +``` + +```yaml +name: token +in: header +description: token to be passed as a header +required: true +schema: + type: array + items: + type: integer + format: int64 +style: simple +``` + +A path parameter of a string value: +```json +{ + "name": "username", + "in": "path", + "description": "username to fetch", + "required": true, + "schema": { + "type": "string" + } +} +``` + +```yaml +name: username +in: path +description: username to fetch +required: true +schema: + type: string +``` + +An optional query parameter of a string value, allowing multiple values by repeating the query parameter: +```json +{ + "name": "id", + "in": "query", + "description": "ID of the object to fetch", + "required": false, + "schema": { + "type": "array", + "items": { + "type": "string" + } + }, + "style": "form", + "explode": true +} +``` + +```yaml +name: id +in: query +description: ID of the object to fetch +required: false +schema: + type: array + items: + type: string +style: form +explode: true +``` + +A free-form query parameter, allowing undefined parameters of a specific type: +```json +{ + "in": "query", + "name": "freeForm", + "schema": { + "type": "object", + "additionalProperties": { + "type": "integer" + }, + }, + "style": "form" +} +``` + +```yaml +in: query +name: freeForm +schema: + type: object + additionalProperties: + type: integer +style: form +``` + +A complex parameter using `content` to define serialization: + +```json +{ + "in": "query", + "name": "coordinates", + "content": { + "application/json": { + "schema": { + "type": "object", + "required": [ + "lat", + "long" + ], + "properties": { + "lat": { + "type": "number" + }, + "long": { + "type": "number" + } + } + } + } + } +} +``` + +```yaml +in: query +name: coordinates +content: + application/json: + schema: + type: object + required: + - lat + - long + properties: + lat: + type: number + long: + type: number +``` + +#### Request Body Object + +Describes a single request body. + +##### Fixed Fields +Field Name | Type | Description +---|:---:|--- +description | `string` | A brief description of the request body. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. +content | Map[`string`, [Media Type Object](#mediaTypeObject)] | **REQUIRED**. The content of the request body. The key is a media type or [media type range](https://tools.ietf.org/html/rfc7231#appendix-D) and the value describes it. For requests that match multiple keys, only the most specific key is applicable. e.g. text/plain overrides text/* +required | `boolean` | Determines if the request body is required in the request. Defaults to `false`. + + +This object MAY be extended with [Specification Extensions](#specificationExtensions). + +##### Request Body Examples + +A request body with a referenced model definition. +```json +{ + "description": "user to add to the system", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/User" + }, + "examples": { + "user" : { + "summary": "User Example", + "externalValue": "http://foo.bar/examples/user-example.json" + } + } + }, + "application/xml": { + "schema": { + "$ref": "#/components/schemas/User" + }, + "examples": { + "user" : { + "summary": "User example in XML", + "externalValue": "http://foo.bar/examples/user-example.xml" + } + } + }, + "text/plain": { + "examples": { + "user" : { + "summary": "User example in Plain text", + "externalValue": "http://foo.bar/examples/user-example.txt" + } + } + }, + "*/*": { + "examples": { + "user" : { + "summary": "User example in other format", + "externalValue": "http://foo.bar/examples/user-example.whatever" + } + } + } + } +} +``` + +```yaml +description: user to add to the system +content: + 'application/json': + schema: + $ref: '#/components/schemas/User' + examples: + user: + summary: User Example + externalValue: 'http://foo.bar/examples/user-example.json' + 'application/xml': + schema: + $ref: '#/components/schemas/User' + examples: + user: + summary: User Example in XML + externalValue: 'http://foo.bar/examples/user-example.xml' + 'text/plain': + examples: + user: + summary: User example in text plain format + externalValue: 'http://foo.bar/examples/user-example.txt' + '*/*': + examples: + user: + summary: User example in other format + externalValue: 'http://foo.bar/examples/user-example.whatever' +``` + +A body parameter that is an array of string values: +```json +{ + "description": "user to add to the system", + "content": { + "text/plain": { + "schema": { + "type": "array", + "items": { + "type": "string" + } + } + } + } +} +``` + +```yaml +description: user to add to the system +required: true +content: + text/plain: + schema: + type: array + items: + type: string +``` + + +#### Media Type Object +Each Media Type Object provides schema and examples for the media type identified by its key. + +##### Fixed Fields +Field Name | Type | Description +---|:---:|--- +schema | [Schema Object](#schemaObject) \| [Reference Object](#referenceObject) | The schema defining the content of the request, response, or parameter. +example | Any | Example of the media type. The example object SHOULD be in the correct format as specified by the media type. The `example` field is mutually exclusive of the `examples` field. Furthermore, if referencing a `schema` which contains an example, the `example` value SHALL _override_ the example provided by the schema. +examples | Map[ `string`, [Example Object](#exampleObject) \| [Reference Object](#referenceObject)] | Examples of the media type. Each example object SHOULD match the media type and specified schema if present. The `examples` field is mutually exclusive of the `example` field. Furthermore, if referencing a `schema` which contains an example, the `examples` value SHALL _override_ the example provided by the schema. +encoding | Map[`string`, [Encoding Object](#encodingObject)] | A map between a property name and its encoding information. The key, being the property name, MUST exist in the schema as a property. The encoding object SHALL only apply to `requestBody` objects when the media type is `multipart` or `application/x-www-form-urlencoded`. + +This object MAY be extended with [Specification Extensions](#specificationExtensions). + +##### Media Type Examples + +```json +{ + "application/json": { + "schema": { + "$ref": "#/components/schemas/Pet" + }, + "examples": { + "cat" : { + "summary": "An example of a cat", + "value": + { + "name": "Fluffy", + "petType": "Cat", + "color": "White", + "gender": "male", + "breed": "Persian" + } + }, + "dog": { + "summary": "An example of a dog with a cat's name", + "value" : { + "name": "Puma", + "petType": "Dog", + "color": "Black", + "gender": "Female", + "breed": "Mixed" + }, + "frog": { + "$ref": "#/components/examples/frog-example" + } + } + } + } +} +``` + +```yaml +application/json: + schema: + $ref: "#/components/schemas/Pet" + examples: + cat: + summary: An example of a cat + value: + name: Fluffy + petType: Cat + color: White + gender: male + breed: Persian + dog: + summary: An example of a dog with a cat's name + value: + name: Puma + petType: Dog + color: Black + gender: Female + breed: Mixed + frog: + $ref: "#/components/examples/frog-example" +``` + +##### Considerations for File Uploads + +In contrast with the 2.0 specification, `file` input/output content in OpenAPI is described with the same semantics as any other schema type. Specifically: + +```yaml +# content transferred with base64 encoding +schema: + type: string + format: base64 +``` + +```yaml +# content transferred in binary (octet-stream): +schema: + type: string + format: binary +``` + +These examples apply to either input payloads of file uploads or response payloads. + +A `requestBody` for submitting a file in a `POST` operation may look like the following example: + +```yaml +requestBody: + content: + application/octet-stream: + schema: + # a binary file of any type + type: string + format: binary +``` + +In addition, specific media types MAY be specified: + +```yaml +# multiple, specific media types may be specified: +requestBody: + content: + # a binary file of type png or jpeg + 'image/jpeg': + schema: + type: string + format: binary + 'image/png': + schema: + type: string + format: binary +``` + +To upload multiple files, a `multipart` media type MUST be used: + +```yaml +requestBody: + content: + multipart/form-data: + schema: + properties: + # The property name 'file' will be used for all files. + file: + type: array + items: + type: string + format: binary + +``` + +##### Support for x-www-form-urlencoded Request Bodies + +To submit content using form url encoding via [RFC1866](https://tools.ietf.org/html/rfc1866), the following +definition may be used: + +```yaml +requestBody: + content: + application/x-www-form-urlencoded: + schema: + type: object + properties: + id: + type: string + format: uuid + address: + # complex types are stringified to support RFC 1866 + type: object + properties: {} +``` + +In this example, the contents in the `requestBody` MUST be stringified per [RFC1866](https://tools.ietf.org/html/rfc1866/) when passed to the server. In addition, the `address` field complex object will be stringified. + +When passing complex objects in the `application/x-www-form-urlencoded` content type, the default serialization strategy of such properties is described in the [`Encoding Object`](#encodingObject)'s [`style`](#encodingStyle) property as `form`. + +##### Special Considerations for `multipart` Content + +It is common to use `multipart/form-data` as a `Content-Type` when transferring request bodies to operations. In contrast to 2.0, a `schema` is REQUIRED to define the input parameters to the operation when using `multipart` content. This supports complex structures as well as supporting mechanisms for multiple file uploads. + +When passing in `multipart` types, boundaries MAY be used to separate sections of the content being transferred — thus, the following default `Content-Type`s are defined for `multipart`: + +* If the property is a primitive, or an array of primitive values, the default Content-Type is `text/plain` +* If the property is complex, or an array of complex values, the default Content-Type is `application/json` +* If the property is a `type: string` with `format: binary` or `format: base64` (aka a file object), the default Content-Type is `application/octet-stream` + + +Examples: + +```yaml +requestBody: + content: + multipart/form-data: + schema: + type: object + properties: + id: + type: string + format: uuid + address: + # default Content-Type for objects is `application/json` + type: object + properties: {} + profileImage: + # default Content-Type for string/binary is `application/octet-stream` + type: string + format: binary + children: + # default Content-Type for arrays is based on the `inner` type (text/plain here) + type: array + items: + type: string + addresses: + # default Content-Type for arrays is based on the `inner` type (object shown, so `application/json` in this example) + type: array + items: + type: '#/components/schemas/Address' +``` + +An `encoding` attribute is introduced to give you control over the serialization of parts of `multipart` request bodies. This attribute is _only_ applicable to `multipart` and `application/x-www-form-urlencoded` request bodies. + +#### Encoding Object + +A single encoding definition applied to a single schema property. + +##### Fixed Fields +Field Name | Type | Description +---|:---:|--- +contentType | `string` | The Content-Type for encoding a specific property. Default value depends on the property type: for `string` with `format` being `binary` – `application/octet-stream`; for other primitive types – `text/plain`; for `object` - `application/json`; for `array` – the default is defined based on the inner type. The value can be a specific media type (e.g. `application/json`), a wildcard media type (e.g. `image/*`), or a comma-separated list of the two types. +headers | Map[`string`, [Header Object](#headerObject) \| [Reference Object](#referenceObject)] | A map allowing additional information to be provided as headers, for example `Content-Disposition`. `Content-Type` is described separately and SHALL be ignored in this section. This property SHALL be ignored if the request body media type is not a `multipart`. +style | `string` | Describes how a specific property value will be serialized depending on its type. See [Parameter Object](#parameterObject) for details on the [`style`](#parameterStyle) property. The behavior follows the same values as `query` parameters, including default values. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. +explode | `boolean` | When this is true, property values of type `array` or `object` generate separate parameters for each value of the array, or key-value-pair of the map. For other types of properties this property has no effect. When [`style`](#encodingStyle) is `form`, the default value is `true`. For all other styles, the default value is `false`. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. +allowReserved | `boolean` | Determines whether the parameter value SHOULD allow reserved characters, as defined by [RFC3986](https://tools.ietf.org/html/rfc3986#section-2.2) `:/?#[]@!$&'()*+,;=` to be included without percent-encoding. The default value is `false`. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. + +This object MAY be extended with [Specification Extensions](#specificationExtensions). + +##### Encoding Object Example + +```yaml +requestBody: + content: + multipart/mixed: + schema: + type: object + properties: + id: + # default is text/plain + type: string + format: uuid + address: + # default is application/json + type: object + properties: {} + historyMetadata: + # need to declare XML format! + description: metadata in XML format + type: object + properties: {} + profileImage: + # default is application/octet-stream, need to declare an image type only! + type: string + format: binary + encoding: + historyMetadata: + # require XML Content-Type in utf-8 encoding + contentType: application/xml; charset=utf-8 + profileImage: + # only accept png/jpeg + contentType: image/png, image/jpeg + headers: + X-Rate-Limit-Limit: + description: The number of allowed requests in the current period + schema: + type: integer +``` + +#### Responses Object + +A container for the expected responses of an operation. +The container maps a HTTP response code to the expected response. + +The documentation is not necessarily expected to cover all possible HTTP response codes because they may not be known in advance. +However, documentation is expected to cover a successful operation response and any known errors. + +The `default` MAY be used as a default response object for all HTTP codes +that are not covered individually by the specification. + +The `Responses Object` MUST contain at least one response code, and it +SHOULD be the response for a successful operation call. + +##### Fixed Fields +Field Name | Type | Description +---|:---:|--- +default | [Response Object](#responseObject) \| [Reference Object](#referenceObject) | The documentation of responses other than the ones declared for specific HTTP response codes. Use this field to cover undeclared responses. A [Reference Object](#referenceObject) can link to a response that the [OpenAPI Object's components/responses](#componentsResponses) section defines. + +##### Patterned Fields +Field Pattern | Type | Description +---|:---:|--- +[HTTP Status Code](#httpCodes) | [Response Object](#responseObject) \| [Reference Object](#referenceObject) | Any [HTTP status code](#httpCodes) can be used as the property name, but only one property per code, to describe the expected response for that HTTP status code. A [Reference Object](#referenceObject) can link to a response that is defined in the [OpenAPI Object's components/responses](#componentsResponses) section. This field MUST be enclosed in quotation marks (for example, "200") for compatibility between JSON and YAML. To define a range of response codes, this field MAY contain the uppercase wildcard character `X`. For example, `2XX` represents all response codes between `[200-299]`. Only the following range definitions are allowed: `1XX`, `2XX`, `3XX`, `4XX`, and `5XX`. If a response is defined using an explicit code, the explicit code definition takes precedence over the range definition for that code. + + +This object MAY be extended with [Specification Extensions](#specificationExtensions). + +##### Responses Object Example + +A 200 response for a successful operation and a default response for others (implying an error): + +```json +{ + "200": { + "description": "a pet to be returned", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Pet" + } + } + } + }, + "default": { + "description": "Unexpected error", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ErrorModel" + } + } + } + } +} +``` + +```yaml +'200': + description: a pet to be returned + content: + application/json: + schema: + $ref: '#/components/schemas/Pet' +default: + description: Unexpected error + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorModel' +``` + +#### Response Object +Describes a single response from an API Operation, including design-time, static +`links` to operations based on the response. + +##### Fixed Fields +Field Name | Type | Description +---|:---:|--- +description | `string` | **REQUIRED**. A short description of the response. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. +headers | Map[`string`, [Header Object](#headerObject) \| [Reference Object](#referenceObject)] | Maps a header name to its definition. [RFC7230](https://tools.ietf.org/html/rfc7230#page-22) states header names are case insensitive. If a response header is defined with the name `"Content-Type"`, it SHALL be ignored. +content | Map[`string`, [Media Type Object](#mediaTypeObject)] | A map containing descriptions of potential response payloads. The key is a media type or [media type range](https://tools.ietf.org/html/rfc7231#appendix-D) and the value describes it. For responses that match multiple keys, only the most specific key is applicable. e.g. text/plain overrides text/* +links | Map[`string`, [Link Object](#linkObject) \| [Reference Object](#referenceObject)] | A map of operations links that can be followed from the response. The key of the map is a short name for the link, following the naming constraints of the names for [Component Objects](#componentsObject). + +This object MAY be extended with [Specification Extensions](#specificationExtensions). + +##### Response Object Examples + +Response of an array of a complex type: + +```json +{ + "description": "A complex object array response", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/VeryComplexType" + } + } + } + } +} +``` + +```yaml +description: A complex object array response +content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/VeryComplexType' +``` + +Response with a string type: + +```json +{ + "description": "A simple string response", + "content": { + "text/plain": { + "schema": { + "type": "string" + } + } + } + +} +``` + +```yaml +description: A simple string response +content: + text/plain: + schema: + type: string +``` + +Plain text response with headers: + +```json +{ + "description": "A simple string response", + "content": { + "text/plain": { + "schema": { + "type": "string", + "example": "whoa!" + } + } + }, + "headers": { + "X-Rate-Limit-Limit": { + "description": "The number of allowed requests in the current period", + "schema": { + "type": "integer" + } + }, + "X-Rate-Limit-Remaining": { + "description": "The number of remaining requests in the current period", + "schema": { + "type": "integer" + } + }, + "X-Rate-Limit-Reset": { + "description": "The number of seconds left in the current period", + "schema": { + "type": "integer" + } + } + } +} +``` + +```yaml +description: A simple string response +content: + text/plain: + schema: + type: string + example: 'whoa!' +headers: + X-Rate-Limit-Limit: + description: The number of allowed requests in the current period + schema: + type: integer + X-Rate-Limit-Remaining: + description: The number of remaining requests in the current period + schema: + type: integer + X-Rate-Limit-Reset: + description: The number of seconds left in the current period + schema: + type: integer +``` + +Response with no return value: + +```json +{ + "description": "object created" +} +``` + +```yaml +description: object created +``` + +#### Callback Object + +A map of possible out-of band callbacks related to the parent operation. +Each value in the map is a [Path Item Object](#pathItemObject) that describes a set of requests that may be initiated by the API provider and the expected responses. +The key value used to identify the path item object is an expression, evaluated at runtime, that identifies a URL to use for the callback operation. + +##### Patterned Fields +Field Pattern | Type | Description +---|:---:|--- +{expression} | [Path Item Object](#pathItemObject) | A Path Item Object used to define a callback request and expected responses. A [complete example](../examples/v3.0/callback-example.yaml) is available. + +This object MAY be extended with [Specification Extensions](#specificationExtensions). + +##### Key Expression + +The key that identifies the [Path Item Object](#pathItemObject) is a [runtime expression](#runtimeExpression) that can be evaluated in the context of a runtime HTTP request/response to identify the URL to be used for the callback request. +A simple example might be `$request.body#/url`. +However, using a [runtime expression](#runtimeExpression) the complete HTTP message can be accessed. +This includes accessing any part of a body that a JSON Pointer [RFC6901](https://tools.ietf.org/html/rfc6901) can reference. + +For example, given the following HTTP request: + +```http +POST /subscribe/myevent?queryUrl=http://clientdomain.com/stillrunning HTTP/1.1 +Host: example.org +Content-Type: application/json +Content-Length: 187 + +{ + "failedUrl" : "http://clientdomain.com/failed", + "successUrls" : [ + "http://clientdomain.com/fast", + "http://clientdomain.com/medium", + "http://clientdomain.com/slow" + ] +} + +201 Created +Location: http://example.org/subscription/1 +``` + +The following examples show how the various expressions evaluate, assuming the callback operation has a path parameter named `eventType` and a query parameter named `queryUrl`. + +Expression | Value +---|:--- +$url | http://example.org/subscribe/myevent?queryUrl=http://clientdomain.com/stillrunning +$method | POST +$request.path.eventType | myevent +$request.query.queryUrl | http://clientdomain.com/stillrunning +$request.header.content-Type | application/json +$request.body#/failedUrl | http://clientdomain.com/failed +$request.body#/successUrls/2 | http://clientdomain.com/medium +$response.header.Location | http://example.org/subscription/1 + + +##### Callback Object Examples + +The following example uses the user provided `queryUrl` query string parameter to define the callback URL. This is an example of how to use a callback object to describe a WebHook callback that goes with the subscription operation to enable registering for the WebHook. + +```yaml +myCallback: + '{$request.query.queryUrl}': + post: + requestBody: + description: Callback payload + content: + 'application/json': + schema: + $ref: '#/components/schemas/SomePayload' + responses: + '200': + description: callback successfully processed +``` + +The following example shows a callback where the server is hard-coded, but the query string parameters are populated from the `id` and `email` property in the request body. + +```yaml +transactionCallback: + 'http://notificationServer.com?transactionId={$request.body#/id}&email={$request.body#/email}': + post: + requestBody: + description: Callback payload + content: + 'application/json': + schema: + $ref: '#/components/schemas/SomePayload' + responses: + '200': + description: callback successfully processed +``` + +#### Example Object + +##### Fixed Fields +Field Name | Type | Description +---|:---:|--- +summary | `string` | Short description for the example. +description | `string` | Long description for the example. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. +value | Any | Embedded literal example. The `value` field and `externalValue` field are mutually exclusive. To represent examples of media types that cannot naturally represented in JSON or YAML, use a string value to contain the example, escaping where necessary. +externalValue | `string` | A URL that points to the literal example. This provides the capability to reference examples that cannot easily be included in JSON or YAML documents. The `value` field and `externalValue` field are mutually exclusive. + +This object MAY be extended with [Specification Extensions](#specificationExtensions). + +In all cases, the example value is expected to be compatible with the type schema +of its associated value. Tooling implementations MAY choose to +validate compatibility automatically, and reject the example value(s) if incompatible. + +##### Example Object Examples + +In a request body: + +```yaml +requestBody: + content: + 'application/json': + schema: + $ref: '#/components/schemas/Address' + examples: + foo: + summary: A foo example + value: {"foo": "bar"} + bar: + summary: A bar example + value: {"bar": "baz"} + 'application/xml': + examples: + xmlExample: + summary: This is an example in XML + externalValue: 'http://example.org/examples/address-example.xml' + 'text/plain': + examples: + textExample: + summary: This is a text example + externalValue: 'http://foo.bar/examples/address-example.txt' +``` + +In a parameter: + +```yaml +parameters: + - name: 'zipCode' + in: 'query' + schema: + type: 'string' + format: 'zip-code' + examples: + zip-example: + $ref: '#/components/examples/zip-example' +``` + +In a response: + +```yaml +responses: + '200': + description: your car appointment has been booked + content: + application/json: + schema: + $ref: '#/components/schemas/SuccessResponse' + examples: + confirmation-success: + $ref: '#/components/examples/confirmation-success' +``` + + +#### Link Object + +The `Link object` represents a possible design-time link for a response. +The presence of a link does not guarantee the caller's ability to successfully invoke it, rather it provides a known relationship and traversal mechanism between responses and other operations. + +Unlike _dynamic_ links (i.e. links provided **in** the response payload), the OAS linking mechanism does not require link information in the runtime response. + +For computing links, and providing instructions to execute them, a [runtime expression](#runtimeExpression) is used for accessing values in an operation and using them as parameters while invoking the linked operation. + +##### Fixed Fields + +Field Name | Type | Description +---|:---:|--- +operationRef | `string` | A relative or absolute URI reference to an OAS operation. This field is mutually exclusive of the `operationId` field, and MUST point to an [Operation Object](#operationObject). Relative `operationRef` values MAY be used to locate an existing [Operation Object](#operationObject) in the OpenAPI definition. +operationId | `string` | The name of an _existing_, resolvable OAS operation, as defined with a unique `operationId`. This field is mutually exclusive of the `operationRef` field. +parameters | Map[`string`, Any \| [{expression}](#runtimeExpression)] | A map representing parameters to pass to an operation as specified with `operationId` or identified via `operationRef`. The key is the parameter name to be used, whereas the value can be a constant or an expression to be evaluated and passed to the linked operation. The parameter name can be qualified using the [parameter location](#parameterIn) `[{in}.]{name}` for operations that use the same parameter name in different locations (e.g. path.id). +requestBody | Any \| [{expression}](#runtimeExpression) | A literal value or [{expression}](#runtimeExpression) to use as a request body when calling the target operation. +description | `string` | A description of the link. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. +server | [Server Object](#serverObject) | A server object to be used by the target operation. + +This object MAY be extended with [Specification Extensions](#specificationExtensions). + +A linked operation MUST be identified using either an `operationRef` or `operationId`. +In the case of an `operationId`, it MUST be unique and resolved in the scope of the OAS document. +Because of the potential for name clashes, the `operationRef` syntax is preferred +for specifications with external references. + +##### Examples + +Computing a link from a request operation where the `$request.path.id` is used to pass a request parameter to the linked operation. + +```yaml +paths: + /users/{id}: + parameters: + - name: id + in: path + required: true + description: the user identifier, as userId + schema: + type: string + get: + responses: + '200': + description: the user being returned + content: + application/json: + schema: + type: object + properties: + uuid: # the unique user id + type: string + format: uuid + links: + address: + # the target link operationId + operationId: getUserAddress + parameters: + # get the `id` field from the request path parameter named `id` + userId: $request.path.id + # the path item of the linked operation + /users/{userid}/address: + parameters: + - name: userid + in: path + required: true + description: the user identifier, as userId + schema: + type: string + # linked operation + get: + operationId: getUserAddress + responses: + '200': + description: the user's address +``` + +When a runtime expression fails to evaluate, no parameter value is passed to the target operation. + +Values from the response body can be used to drive a linked operation. + +```yaml +links: + address: + operationId: getUserAddressByUUID + parameters: + # get the `uuid` field from the `uuid` field in the response body + userUuid: $response.body#/uuid +``` + +Clients follow all links at their discretion. +Neither permissions, nor the capability to make a successful call to that link, is guaranteed +solely by the existence of a relationship. + + +##### OperationRef Examples + +As references to `operationId` MAY NOT be possible (the `operationId` is an optional +field in an [Operation Object](#operationObject)), references MAY also be made through a relative `operationRef`: + +```yaml +links: + UserRepositories: + # returns array of '#/components/schemas/repository' + operationRef: '#/paths/~12.0~1repositories~1{username}/get' + parameters: + username: $response.body#/username +``` + +or an absolute `operationRef`: + +```yaml +links: + UserRepositories: + # returns array of '#/components/schemas/repository' + operationRef: 'https://na2.gigantic-server.com/#/paths/~12.0~1repositories~1{username}/get' + parameters: + username: $response.body#/username +``` + +Note that in the use of `operationRef`, the _escaped forward-slash_ is necessary when +using JSON references. + + +##### Runtime Expressions + +Runtime expressions allow defining values based on information that will only be available within the HTTP message in an actual API call. +This mechanism is used by [Link Objects](#linkObject) and [Callback Objects](#callbackObject). + +The runtime expression is defined by the following [ABNF](https://tools.ietf.org/html/rfc5234) syntax + +```abnf + expression = ( "$url" / "$method" / "$statusCode" / "$request." source / "$response." source ) + source = ( header-reference / query-reference / path-reference / body-reference ) + header-reference = "header." token + query-reference = "query." name + path-reference = "path." name + body-reference = "body" ["#" json-pointer ] + json-pointer = *( "/" reference-token ) + reference-token = *( unescaped / escaped ) + unescaped = %x00-2E / %x30-7D / %x7F-10FFFF + ; %x2F ('/') and %x7E ('~') are excluded from 'unescaped' + escaped = "~" ( "0" / "1" ) + ; representing '~' and '/', respectively + name = *( CHAR ) + token = 1*tchar + tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*" / "+" / "-" / "." / + "^" / "_" / "`" / "|" / "~" / DIGIT / ALPHA +``` + +Here, `json-pointer` is taken from [RFC 6901](https://tools.ietf.org/html/rfc6901), `char` from [RFC 7159](https://tools.ietf.org/html/rfc7159#section-7) and `token` from [RFC 7230](https://tools.ietf.org/html/rfc7230#section-3.2.6). + +The `name` identifier is case-sensitive, whereas `token` is not. + +The table below provides examples of runtime expressions and examples of their use in a value: + +##### Examples + +Source Location | example expression | notes +---|:---|:---| +HTTP Method | `$method` | The allowable values for the `$method` will be those for the HTTP operation. +Requested media type | `$request.header.accept` | +Request parameter | `$request.path.id` | Request parameters MUST be declared in the `parameters` section of the parent operation or they cannot be evaluated. This includes request headers. +Request body property | `$request.body#/user/uuid` | In operations which accept payloads, references may be made to portions of the `requestBody` or the entire body. +Request URL | `$url` | +Response value | `$response.body#/status` | In operations which return payloads, references may be made to portions of the response body or the entire body. +Response header | `$response.header.Server` | Single header values only are available + +Runtime expressions preserve the type of the referenced value. +Expressions can be embedded into string values by surrounding the expression with `{}` curly braces. + +#### Header Object + +The Header Object follows the structure of the [Parameter Object](#parameterObject) with the following changes: + +1. `name` MUST NOT be specified, it is given in the corresponding `headers` map. +1. `in` MUST NOT be specified, it is implicitly in `header`. +1. All traits that are affected by the location MUST be applicable to a location of `header` (for example, [`style`](#parameterStyle)). + +##### Header Object Example + +A simple header of type `integer`: + +```json +{ + "description": "The number of allowed requests in the current period", + "schema": { + "type": "integer" + } +} +``` + +```yaml +description: The number of allowed requests in the current period +schema: + type: integer +``` + +#### Tag Object + +Adds metadata to a single tag that is used by the [Operation Object](#operationObject). +It is not mandatory to have a Tag Object per tag defined in the Operation Object instances. + +##### Fixed Fields +Field Name | Type | Description +---|:---:|--- +name | `string` | **REQUIRED**. The name of the tag. +description | `string` | A short description for the tag. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. +externalDocs | [External Documentation Object](#externalDocumentationObject) | Additional external documentation for this tag. + +This object MAY be extended with [Specification Extensions](#specificationExtensions). + +##### Tag Object Example + +```json +{ + "name": "pet", + "description": "Pets operations" +} +``` + +```yaml +name: pet +description: Pets operations +``` + + +#### Reference Object + +A simple object to allow referencing other components in the specification, internally and externally. + +The Reference Object is defined by [JSON Reference](https://tools.ietf.org/html/draft-pbryan-zyp-json-ref-03) and follows the same structure, behavior and rules. + +For this specification, reference resolution is accomplished as defined by the JSON Reference specification and not by the JSON Schema specification. + +##### Fixed Fields +Field Name | Type | Description +---|:---:|--- +$ref | `string` | **REQUIRED**. The reference string. + +This object cannot be extended with additional properties and any properties added SHALL be ignored. + +##### Reference Object Example + +```json +{ + "$ref": "#/components/schemas/Pet" +} +``` + +```yaml +$ref: '#/components/schemas/Pet' +``` + +##### Relative Schema Document Example +```json +{ + "$ref": "Pet.json" +} +``` + +```yaml +$ref: Pet.yaml +``` + +##### Relative Documents With Embedded Schema Example +```json +{ + "$ref": "definitions.json#/Pet" +} +``` + +```yaml +$ref: definitions.yaml#/Pet +``` + +#### Schema Object + +The Schema Object allows the definition of input and output data types. +These types can be objects, but also primitives and arrays. +This object is an extended subset of the [JSON Schema Specification Wright Draft 00](https://json-schema.org/). + +For more information about the properties, see [JSON Schema Core](https://tools.ietf.org/html/draft-wright-json-schema-00) and [JSON Schema Validation](https://tools.ietf.org/html/draft-wright-json-schema-validation-00). +Unless stated otherwise, the property definitions follow the JSON Schema. + +##### Properties + +The following properties are taken directly from the JSON Schema definition and follow the same specifications: + +- title +- multipleOf +- maximum +- exclusiveMaximum +- minimum +- exclusiveMinimum +- maxLength +- minLength +- pattern (This string SHOULD be a valid regular expression, according to the [Ecma-262 Edition 5.1 regular expression](https://www.ecma-international.org/ecma-262/5.1/#sec-15.10.1) dialect) +- maxItems +- minItems +- uniqueItems +- maxProperties +- minProperties +- required +- enum + +The following properties are taken from the JSON Schema definition but their definitions were adjusted to the OpenAPI Specification. +- type - Value MUST be a string. Multiple types via an array are not supported. +- allOf - Inline or referenced schema MUST be of a [Schema Object](#schemaObject) and not a standard JSON Schema. +- oneOf - Inline or referenced schema MUST be of a [Schema Object](#schemaObject) and not a standard JSON Schema. +- anyOf - Inline or referenced schema MUST be of a [Schema Object](#schemaObject) and not a standard JSON Schema. +- not - Inline or referenced schema MUST be of a [Schema Object](#schemaObject) and not a standard JSON Schema. +- items - Value MUST be an object and not an array. Inline or referenced schema MUST be of a [Schema Object](#schemaObject) and not a standard JSON Schema. `items` MUST be present if the `type` is `array`. +- properties - Property definitions MUST be a [Schema Object](#schemaObject) and not a standard JSON Schema (inline or referenced). +- additionalProperties - Value can be boolean or object. Inline or referenced schema MUST be of a [Schema Object](#schemaObject) and not a standard JSON Schema. Consistent with JSON Schema, `additionalProperties` defaults to `true`. +- description - [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. +- format - See [Data Type Formats](#dataTypeFormat) for further details. While relying on JSON Schema's defined formats, the OAS offers a few additional predefined formats. +- default - The default value represents what would be assumed by the consumer of the input as the value of the schema if one is not provided. Unlike JSON Schema, the value MUST conform to the defined type for the Schema Object defined at the same level. For example, if `type` is `string`, then `default` can be `"foo"` but cannot be `1`. + +Alternatively, any time a Schema Object can be used, a [Reference Object](#referenceObject) can be used in its place. This allows referencing definitions instead of defining them inline. + +Additional properties defined by the JSON Schema specification that are not mentioned here are strictly unsupported. + +Other than the JSON Schema subset fields, the following fields MAY be used for further schema documentation: + +##### Fixed Fields +Field Name | Type | Description +---|:---:|--- +nullable | `boolean` | A `true` value adds `"null"` to the allowed type specified by the `type` keyword, only if `type` is explicitly defined within the same Schema Object. Other Schema Object constraints retain their defined behavior, and therefore may disallow the use of `null` as a value. A `false` value leaves the specified or default `type` unmodified. The default value is `false`. +discriminator | [Discriminator Object](#discriminatorObject) | Adds support for polymorphism. The discriminator is an object name that is used to differentiate between other schemas which may satisfy the payload description. See [Composition and Inheritance](#schemaComposition) for more details. +readOnly | `boolean` | Relevant only for Schema `"properties"` definitions. Declares the property as "read only". This means that it MAY be sent as part of a response but SHOULD NOT be sent as part of the request. If the property is marked as `readOnly` being `true` and is in the `required` list, the `required` will take effect on the response only. A property MUST NOT be marked as both `readOnly` and `writeOnly` being `true`. Default value is `false`. +writeOnly | `boolean` | Relevant only for Schema `"properties"` definitions. Declares the property as "write only". Therefore, it MAY be sent as part of a request but SHOULD NOT be sent as part of the response. If the property is marked as `writeOnly` being `true` and is in the `required` list, the `required` will take effect on the request only. A property MUST NOT be marked as both `readOnly` and `writeOnly` being `true`. Default value is `false`. +xml | [XML Object](#xmlObject) | This MAY be used only on properties schemas. It has no effect on root schemas. Adds additional metadata to describe the XML representation of this property. +externalDocs | [External Documentation Object](#externalDocumentationObject) | Additional external documentation for this schema. +example | Any | A free-form property to include an example of an instance for this schema. To represent examples that cannot be naturally represented in JSON or YAML, a string value can be used to contain the example with escaping where necessary. + deprecated | `boolean` | Specifies that a schema is deprecated and SHOULD be transitioned out of usage. Default value is `false`. + +This object MAY be extended with [Specification Extensions](#specificationExtensions). + +###### Composition and Inheritance (Polymorphism) + +The OpenAPI Specification allows combining and extending model definitions using the `allOf` property of JSON Schema, in effect offering model composition. +`allOf` takes an array of object definitions that are validated *independently* but together compose a single object. + +While composition offers model extensibility, it does not imply a hierarchy between the models. +To support polymorphism, the OpenAPI Specification adds the `discriminator` field. +When used, the `discriminator` will be the name of the property that decides which schema definition validates the structure of the model. +As such, the `discriminator` field MUST be a required field. +There are two ways to define the value of a discriminator for an inheriting instance. +- Use the schema name. +- Override the schema name by overriding the property with a new value. If a new value exists, this takes precedence over the schema name. +As such, inline schema definitions, which do not have a given id, *cannot* be used in polymorphism. + +###### XML Modeling + +The [xml](#schemaXml) property allows extra definitions when translating the JSON definition to XML. +The [XML Object](#xmlObject) contains additional information about the available options. + +##### Schema Object Examples + +###### Primitive Sample + +```json +{ + "type": "string", + "format": "email" +} +``` + +```yaml +type: string +format: email +``` + +###### Simple Model + +```json +{ + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string" + }, + "address": { + "$ref": "#/components/schemas/Address" + }, + "age": { + "type": "integer", + "format": "int32", + "minimum": 0 + } + } +} +``` + +```yaml +type: object +required: +- name +properties: + name: + type: string + address: + $ref: '#/components/schemas/Address' + age: + type: integer + format: int32 + minimum: 0 +``` + +###### Model with Map/Dictionary Properties + +For a simple string to string mapping: + +```json +{ + "type": "object", + "additionalProperties": { + "type": "string" + } +} +``` + +```yaml +type: object +additionalProperties: + type: string +``` + +For a string to model mapping: + +```json +{ + "type": "object", + "additionalProperties": { + "$ref": "#/components/schemas/ComplexModel" + } +} +``` + +```yaml +type: object +additionalProperties: + $ref: '#/components/schemas/ComplexModel' +``` + +###### Model with Example + +```json +{ + "type": "object", + "properties": { + "id": { + "type": "integer", + "format": "int64" + }, + "name": { + "type": "string" + } + }, + "required": [ + "name" + ], + "example": { + "name": "Puma", + "id": 1 + } +} +``` + +```yaml +type: object +properties: + id: + type: integer + format: int64 + name: + type: string +required: +- name +example: + name: Puma + id: 1 +``` + +###### Models with Composition + +```json +{ + "components": { + "schemas": { + "ErrorModel": { + "type": "object", + "required": [ + "message", + "code" + ], + "properties": { + "message": { + "type": "string" + }, + "code": { + "type": "integer", + "minimum": 100, + "maximum": 600 + } + } + }, + "ExtendedErrorModel": { + "allOf": [ + { + "$ref": "#/components/schemas/ErrorModel" + }, + { + "type": "object", + "required": [ + "rootCause" + ], + "properties": { + "rootCause": { + "type": "string" + } + } + } + ] + } + } + } +} +``` + +```yaml +components: + schemas: + ErrorModel: + type: object + required: + - message + - code + properties: + message: + type: string + code: + type: integer + minimum: 100 + maximum: 600 + ExtendedErrorModel: + allOf: + - $ref: '#/components/schemas/ErrorModel' + - type: object + required: + - rootCause + properties: + rootCause: + type: string +``` + +###### Models with Polymorphism Support + +```json +{ + "components": { + "schemas": { + "Pet": { + "type": "object", + "discriminator": { + "propertyName": "petType" + }, + "properties": { + "name": { + "type": "string" + }, + "petType": { + "type": "string" + } + }, + "required": [ + "name", + "petType" + ] + }, + "Cat": { + "description": "A representation of a cat. Note that `Cat` will be used as the discriminator value.", + "allOf": [ + { + "$ref": "#/components/schemas/Pet" + }, + { + "type": "object", + "properties": { + "huntingSkill": { + "type": "string", + "description": "The measured skill for hunting", + "default": "lazy", + "enum": [ + "clueless", + "lazy", + "adventurous", + "aggressive" + ] + } + }, + "required": [ + "huntingSkill" + ] + } + ] + }, + "Dog": { + "description": "A representation of a dog. Note that `Dog` will be used as the discriminator value.", + "allOf": [ + { + "$ref": "#/components/schemas/Pet" + }, + { + "type": "object", + "properties": { + "packSize": { + "type": "integer", + "format": "int32", + "description": "the size of the pack the dog is from", + "default": 0, + "minimum": 0 + } + }, + "required": [ + "packSize" + ] + } + ] + } + } + } +} +``` + +```yaml +components: + schemas: + Pet: + type: object + discriminator: + propertyName: petType + properties: + name: + type: string + petType: + type: string + required: + - name + - petType + Cat: ## "Cat" will be used as the discriminator value + description: A representation of a cat + allOf: + - $ref: '#/components/schemas/Pet' + - type: object + properties: + huntingSkill: + type: string + description: The measured skill for hunting + enum: + - clueless + - lazy + - adventurous + - aggressive + required: + - huntingSkill + Dog: ## "Dog" will be used as the discriminator value + description: A representation of a dog + allOf: + - $ref: '#/components/schemas/Pet' + - type: object + properties: + packSize: + type: integer + format: int32 + description: the size of the pack the dog is from + default: 0 + minimum: 0 + required: + - packSize +``` + +#### Discriminator Object + +When request bodies or response payloads may be one of a number of different schemas, a `discriminator` object can be used to aid in serialization, deserialization, and validation. The discriminator is a specific object in a schema which is used to inform the consumer of the specification of an alternative schema based on the value associated with it. + +When using the discriminator, _inline_ schemas will not be considered. + +##### Fixed Fields +Field Name | Type | Description +---|:---:|--- +propertyName | `string` | **REQUIRED**. The name of the property in the payload that will hold the discriminator value. + mapping | Map[`string`, `string`] | An object to hold mappings between payload values and schema names or references. + +The discriminator object is legal only when using one of the composite keywords `oneOf`, `anyOf`, `allOf`. + +In OAS 3.0, a response payload MAY be described to be exactly one of any number of types: + +```yaml +MyResponseType: + oneOf: + - $ref: '#/components/schemas/Cat' + - $ref: '#/components/schemas/Dog' + - $ref: '#/components/schemas/Lizard' +``` + +which means the payload _MUST_, by validation, match exactly one of the schemas described by `Cat`, `Dog`, or `Lizard`. In this case, a discriminator MAY act as a "hint" to shortcut validation and selection of the matching schema which may be a costly operation, depending on the complexity of the schema. We can then describe exactly which field tells us which schema to use: + + +```yaml +MyResponseType: + oneOf: + - $ref: '#/components/schemas/Cat' + - $ref: '#/components/schemas/Dog' + - $ref: '#/components/schemas/Lizard' + discriminator: + propertyName: petType +``` + +The expectation now is that a property with name `petType` _MUST_ be present in the response payload, and the value will correspond to the name of a schema defined in the OAS document. Thus the response payload: + +```json +{ + "id": 12345, + "petType": "Cat" +} +``` + +Will indicate that the `Cat` schema be used in conjunction with this payload. + +In scenarios where the value of the discriminator field does not match the schema name or implicit mapping is not possible, an optional `mapping` definition MAY be used: + +```yaml +MyResponseType: + oneOf: + - $ref: '#/components/schemas/Cat' + - $ref: '#/components/schemas/Dog' + - $ref: '#/components/schemas/Lizard' + - $ref: 'https://gigantic-server.com/schemas/Monster/schema.json' + discriminator: + propertyName: petType + mapping: + dog: '#/components/schemas/Dog' + monster: 'https://gigantic-server.com/schemas/Monster/schema.json' +``` + +Here the discriminator _value_ of `dog` will map to the schema `#/components/schemas/Dog`, rather than the default (implicit) value of `Dog`. If the discriminator _value_ does not match an implicit or explicit mapping, no schema can be determined and validation SHOULD fail. Mapping keys MUST be string values, but tooling MAY convert response values to strings for comparison. + +When used in conjunction with the `anyOf` construct, the use of the discriminator can avoid ambiguity where multiple schemas may satisfy a single payload. + +In both the `oneOf` and `anyOf` use cases, all possible schemas MUST be listed explicitly. To avoid redundancy, the discriminator MAY be added to a parent schema definition, and all schemas comprising the parent schema in an `allOf` construct may be used as an alternate schema. + +For example: + +```yaml +components: + schemas: + Pet: + type: object + required: + - petType + properties: + petType: + type: string + discriminator: + propertyName: petType + mapping: + dog: Dog + Cat: + allOf: + - $ref: '#/components/schemas/Pet' + - type: object + # all other properties specific to a `Cat` + properties: + name: + type: string + Dog: + allOf: + - $ref: '#/components/schemas/Pet' + - type: object + # all other properties specific to a `Dog` + properties: + bark: + type: string + Lizard: + allOf: + - $ref: '#/components/schemas/Pet' + - type: object + # all other properties specific to a `Lizard` + properties: + lovesRocks: + type: boolean +``` + +a payload like this: + +```json +{ + "petType": "Cat", + "name": "misty" +} +``` + +will indicate that the `Cat` schema be used. Likewise this schema: + +```json +{ + "petType": "dog", + "bark": "soft" +} +``` + +will map to `Dog` because of the definition in the `mappings` element. + + +#### XML Object + +A metadata object that allows for more fine-tuned XML model definitions. + +When using arrays, XML element names are *not* inferred (for singular/plural forms) and the `name` property SHOULD be used to add that information. +See examples for expected behavior. + +##### Fixed Fields +Field Name | Type | Description +---|:---:|--- +name | `string` | Replaces the name of the element/attribute used for the described schema property. When defined within `items`, it will affect the name of the individual XML elements within the list. When defined alongside `type` being `array` (outside the `items`), it will affect the wrapping element and only if `wrapped` is `true`. If `wrapped` is `false`, it will be ignored. +namespace | `string` | The URI of the namespace definition. Value MUST be in the form of an absolute URI. +prefix | `string` | The prefix to be used for the [name](#xmlName). +attribute | `boolean` | Declares whether the property definition translates to an attribute instead of an element. Default value is `false`. +wrapped | `boolean` | MAY be used only for an array definition. Signifies whether the array is wrapped (for example, ``) or unwrapped (``). Default value is `false`. The definition takes effect only when defined alongside `type` being `array` (outside the `items`). + +This object MAY be extended with [Specification Extensions](#specificationExtensions). + +##### XML Object Examples + +The examples of the XML object definitions are included inside a property definition of a [Schema Object](#schemaObject) with a sample of the XML representation of it. + +###### No XML Element + +Basic string property: + +```json +{ + "animals": { + "type": "string" + } +} +``` + +```yaml +animals: + type: string +``` + +```xml +... +``` + +Basic string array property ([`wrapped`](#xmlWrapped) is `false` by default): + +```json +{ + "animals": { + "type": "array", + "items": { + "type": "string" + } + } +} +``` + +```yaml +animals: + type: array + items: + type: string +``` + +```xml +... +... +... +``` + +###### XML Name Replacement + +```json +{ + "animals": { + "type": "string", + "xml": { + "name": "animal" + } + } +} +``` + +```yaml +animals: + type: string + xml: + name: animal +``` + +```xml +... +``` + + +###### XML Attribute, Prefix and Namespace + +In this example, a full model definition is shown. + +```json +{ + "Person": { + "type": "object", + "properties": { + "id": { + "type": "integer", + "format": "int32", + "xml": { + "attribute": true + } + }, + "name": { + "type": "string", + "xml": { + "namespace": "http://example.com/schema/sample", + "prefix": "sample" + } + } + } + } +} +``` + +```yaml +Person: + type: object + properties: + id: + type: integer + format: int32 + xml: + attribute: true + name: + type: string + xml: + namespace: http://example.com/schema/sample + prefix: sample +``` + +```xml + + example + +``` + +###### XML Arrays + +Changing the element names: + +```json +{ + "animals": { + "type": "array", + "items": { + "type": "string", + "xml": { + "name": "animal" + } + } + } +} +``` + +```yaml +animals: + type: array + items: + type: string + xml: + name: animal +``` + +```xml +value +value +``` + +The external `name` property has no effect on the XML: + +```json +{ + "animals": { + "type": "array", + "items": { + "type": "string", + "xml": { + "name": "animal" + } + }, + "xml": { + "name": "aliens" + } + } +} +``` + +```yaml +animals: + type: array + items: + type: string + xml: + name: animal + xml: + name: aliens +``` + +```xml +value +value +``` + +Even when the array is wrapped, if a name is not explicitly defined, the same name will be used both internally and externally: + +```json +{ + "animals": { + "type": "array", + "items": { + "type": "string" + }, + "xml": { + "wrapped": true + } + } +} +``` + +```yaml +animals: + type: array + items: + type: string + xml: + wrapped: true +``` + +```xml + + value + value + +``` + +To overcome the naming problem in the example above, the following definition can be used: + +```json +{ + "animals": { + "type": "array", + "items": { + "type": "string", + "xml": { + "name": "animal" + } + }, + "xml": { + "wrapped": true + } + } +} +``` + +```yaml +animals: + type: array + items: + type: string + xml: + name: animal + xml: + wrapped: true +``` + +```xml + + value + value + +``` + +Affecting both internal and external names: + +```json +{ + "animals": { + "type": "array", + "items": { + "type": "string", + "xml": { + "name": "animal" + } + }, + "xml": { + "name": "aliens", + "wrapped": true + } + } +} +``` + +```yaml +animals: + type: array + items: + type: string + xml: + name: animal + xml: + name: aliens + wrapped: true +``` + +```xml + + value + value + +``` + +If we change the external element but not the internal ones: + +```json +{ + "animals": { + "type": "array", + "items": { + "type": "string" + }, + "xml": { + "name": "aliens", + "wrapped": true + } + } +} +``` + +```yaml +animals: + type: array + items: + type: string + xml: + name: aliens + wrapped: true +``` + +```xml + + value + value + +``` + +#### Security Scheme Object + +Defines a security scheme that can be used by the operations. +Supported schemes are HTTP authentication, an API key (either as a header, a cookie parameter or as a query parameter), OAuth2's common flows (implicit, password, client credentials and authorization code) as defined in [RFC6749](https://tools.ietf.org/html/rfc6749), and [OpenID Connect Discovery](https://tools.ietf.org/html/draft-ietf-oauth-discovery-06). + +##### Fixed Fields +Field Name | Type | Applies To | Description +---|:---:|---|--- +type | `string` | Any | **REQUIRED**. The type of the security scheme. Valid values are `"apiKey"`, `"http"`, `"oauth2"`, `"openIdConnect"`. +description | `string` | Any | A short description for security scheme. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. +name | `string` | `apiKey` | **REQUIRED**. The name of the header, query or cookie parameter to be used. +in | `string` | `apiKey` | **REQUIRED**. The location of the API key. Valid values are `"query"`, `"header"` or `"cookie"`. +scheme | `string` | `http` | **REQUIRED**. The name of the HTTP Authorization scheme to be used in the [Authorization header as defined in RFC7235](https://tools.ietf.org/html/rfc7235#section-5.1). The values used SHOULD be registered in the [IANA Authentication Scheme registry](https://www.iana.org/assignments/http-authschemes/http-authschemes.xhtml). +bearerFormat | `string` | `http` (`"bearer"`) | A hint to the client to identify how the bearer token is formatted. Bearer tokens are usually generated by an authorization server, so this information is primarily for documentation purposes. +flows | [OAuth Flows Object](#oauthFlowsObject) | `oauth2` | **REQUIRED**. An object containing configuration information for the flow types supported. +openIdConnectUrl | `string` | `openIdConnect` | **REQUIRED**. OpenId Connect URL to discover OAuth2 configuration values. This MUST be in the form of a URL. + +This object MAY be extended with [Specification Extensions](#specificationExtensions). + +##### Security Scheme Object Example + +###### Basic Authentication Sample + +```json +{ + "type": "http", + "scheme": "basic" +} +``` + +```yaml +type: http +scheme: basic +``` + +###### API Key Sample + +```json +{ + "type": "apiKey", + "name": "api_key", + "in": "header" +} +``` + +```yaml +type: apiKey +name: api_key +in: header +``` + +###### JWT Bearer Sample + +```json +{ + "type": "http", + "scheme": "bearer", + "bearerFormat": "JWT", +} +``` + +```yaml +type: http +scheme: bearer +bearerFormat: JWT +``` + +###### Implicit OAuth2 Sample + +```json +{ + "type": "oauth2", + "flows": { + "implicit": { + "authorizationUrl": "https://example.com/api/oauth/dialog", + "scopes": { + "write:pets": "modify pets in your account", + "read:pets": "read your pets" + } + } + } +} +``` + +```yaml +type: oauth2 +flows: + implicit: + authorizationUrl: https://example.com/api/oauth/dialog + scopes: + write:pets: modify pets in your account + read:pets: read your pets +``` + +#### OAuth Flows Object + +Allows configuration of the supported OAuth Flows. + +##### Fixed Fields +Field Name | Type | Description +---|:---:|--- +implicit| [OAuth Flow Object](#oauthFlowObject) | Configuration for the OAuth Implicit flow +password| [OAuth Flow Object](#oauthFlowObject) | Configuration for the OAuth Resource Owner Password flow +clientCredentials| [OAuth Flow Object](#oauthFlowObject) | Configuration for the OAuth Client Credentials flow. Previously called `application` in OpenAPI 2.0. +authorizationCode| [OAuth Flow Object](#oauthFlowObject) | Configuration for the OAuth Authorization Code flow. Previously called `accessCode` in OpenAPI 2.0. + +This object MAY be extended with [Specification Extensions](#specificationExtensions). + +#### OAuth Flow Object + +Configuration details for a supported OAuth Flow + +##### Fixed Fields +Field Name | Type | Applies To | Description +---|:---:|---|--- +authorizationUrl | `string` | `oauth2` (`"implicit"`, `"authorizationCode"`) | **REQUIRED**. The authorization URL to be used for this flow. This MUST be in the form of a URL. +tokenUrl | `string` | `oauth2` (`"password"`, `"clientCredentials"`, `"authorizationCode"`) | **REQUIRED**. The token URL to be used for this flow. This MUST be in the form of a URL. +refreshUrl | `string` | `oauth2` | The URL to be used for obtaining refresh tokens. This MUST be in the form of a URL. +scopes | Map[`string`, `string`] | `oauth2` | **REQUIRED**. The available scopes for the OAuth2 security scheme. A map between the scope name and a short description for it. The map MAY be empty. + +This object MAY be extended with [Specification Extensions](#specificationExtensions). + +##### OAuth Flow Object Examples + +```JSON +{ + "type": "oauth2", + "flows": { + "implicit": { + "authorizationUrl": "https://example.com/api/oauth/dialog", + "scopes": { + "write:pets": "modify pets in your account", + "read:pets": "read your pets" + } + }, + "authorizationCode": { + "authorizationUrl": "https://example.com/api/oauth/dialog", + "tokenUrl": "https://example.com/api/oauth/token", + "scopes": { + "write:pets": "modify pets in your account", + "read:pets": "read your pets" + } + } + } +} +``` + +```yaml +type: oauth2 +flows: + implicit: + authorizationUrl: https://example.com/api/oauth/dialog + scopes: + write:pets: modify pets in your account + read:pets: read your pets + authorizationCode: + authorizationUrl: https://example.com/api/oauth/dialog + tokenUrl: https://example.com/api/oauth/token + scopes: + write:pets: modify pets in your account + read:pets: read your pets +``` + +#### Security Requirement Object + +Lists the required security schemes to execute this operation. +The name used for each property MUST correspond to a security scheme declared in the [Security Schemes](#componentsSecuritySchemes) under the [Components Object](#componentsObject). + +Security Requirement Objects that contain multiple schemes require that all schemes MUST be satisfied for a request to be authorized. +This enables support for scenarios where multiple query parameters or HTTP headers are required to convey security information. + +When a list of Security Requirement Objects is defined on the [OpenAPI Object](#oasObject) or [Operation Object](#operationObject), only one of the Security Requirement Objects in the list needs to be satisfied to authorize the request. + +##### Patterned Fields + +Field Pattern | Type | Description +---|:---:|--- +{name} | [`string`] | Each name MUST correspond to a security scheme which is declared in the [Security Schemes](#componentsSecuritySchemes) under the [Components Object](#componentsObject). If the security scheme is of type `"oauth2"` or `"openIdConnect"`, then the value is a list of scope names required for the execution, and the list MAY be empty if authorization does not require a specified scope. For other security scheme types, the array MUST be empty. + +##### Security Requirement Object Examples + +###### Non-OAuth2 Security Requirement + +```json +{ + "api_key": [] +} +``` + +```yaml +api_key: [] +``` + +###### OAuth2 Security Requirement + +```json +{ + "petstore_auth": [ + "write:pets", + "read:pets" + ] +} +``` + +```yaml +petstore_auth: +- write:pets +- read:pets +``` + +###### Optional OAuth2 Security + +Optional OAuth2 security as would be defined in an OpenAPI Object or an Operation Object: + +```json +{ + "security": [ + {}, + { + "petstore_auth": [ + "write:pets", + "read:pets" + ] + } + ] +} +``` + +```yaml +security: + - {} + - petstore_auth: + - write:pets + - read:pets +``` + +### Specification Extensions + +While the OpenAPI Specification tries to accommodate most use cases, additional data can be added to extend the specification at certain points. + +The extensions properties are implemented as patterned fields that are always prefixed by `"x-"`. + +Field Pattern | Type | Description +---|:---:|--- +^x- | Any | Allows extensions to the OpenAPI Schema. The field name MUST begin with `x-`, for example, `x-internal-id`. The value can be `null`, a primitive, an array or an object. Can have any valid JSON format value. + +The extensions may or may not be supported by the available tooling, but those may be extended as well to add requested support (if tools are internal or open-sourced). + +### Security Filtering + +Some objects in the OpenAPI Specification MAY be declared and remain empty, or be completely removed, even though they are inherently the core of the API documentation. + +The reasoning is to allow an additional layer of access control over the documentation. +While not part of the specification itself, certain libraries MAY choose to allow access to parts of the documentation based on some form of authentication/authorization. + +Two examples of this: + +1. The [Paths Object](#pathsObject) MAY be empty. It may be counterintuitive, but this may tell the viewer that they got to the right place, but can't access any documentation. They'd still have access to the [Info Object](#infoObject) which may contain additional information regarding authentication. +2. The [Path Item Object](#pathItemObject) MAY be empty. In this case, the viewer will be aware that the path exists, but will not be able to see any of its operations or parameters. This is different from hiding the path itself from the [Paths Object](#pathsObject), because the user will be aware of its existence. This allows the documentation provider to finely control what the viewer can see. + +## Appendix A: Revision History + +Version | Date | Notes +--- | --- | --- +3.0.4 | TBD | Patch release of the OpenAPI Specification 3.0.4 +3.0.3 | 2020-02-20 | Patch release of the OpenAPI Specification 3.0.3 +3.0.2 | 2018-10-08 | Patch release of the OpenAPI Specification 3.0.2 +3.0.1 | 2017-12-06 | Patch release of the OpenAPI Specification 3.0.1 +3.0.0 | 2017-07-26 | Release of the OpenAPI Specification 3.0.0 +3.0.0-rc2 | 2017-06-16 | rc2 of the 3.0 specification +3.0.0-rc1 | 2017-04-27 | rc1 of the 3.0 specification +3.0.0-rc0 | 2017-02-28 | Implementer's Draft of the 3.0 specification +2.0 | 2015-12-31 | Donation of Swagger 2.0 to the OpenAPI Initiative +2.0 | 2014-09-08 | Release of Swagger 2.0 +1.2 | 2014-03-14 | Initial release of the formal document. +1.1 | 2012-08-22 | Release of Swagger 1.1 +1.0 | 2011-08-10 | First release of the Swagger Specification From 1b1b20bb2c1f354692dabf3e534bd7e4c1bb6a11 Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Sat, 4 Mar 2023 22:18:09 +0100 Subject: [PATCH 002/251] format:base64 doesn't exist -> format:byte (#3182) * format:base64 doesn't exist -> format:byte * Remove lines without format from Data Formats table --- versions/3.0.4.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index e15a2071b0..40c71338ad 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -162,10 +162,8 @@ The formats defined by the OAS are: `integer` | `int64` | signed 64 bits (a.k.a long) `number` | `float` | | `number` | `double` | | -`string` | | | `string` | `byte` | base64 encoded characters `string` | `binary` | any sequence of octets -`boolean` | | | `string` | `date` | As defined by `full-date` - [RFC3339](https://xml2rfc.ietf.org/public/rfc/html/rfc3339.html#anchor14) `string` | `date-time` | As defined by `date-time` - [RFC3339](https://xml2rfc.ietf.org/public/rfc/html/rfc3339.html#anchor14) `string` | `password` | A hint to UIs to obscure input. @@ -1446,7 +1444,7 @@ In contrast with the 2.0 specification, `file` input/output content in OpenAPI i # content transferred with base64 encoding schema: type: string - format: base64 + format: byte ``` ```yaml @@ -1537,7 +1535,7 @@ When passing in `multipart` types, boundaries MAY be used to separate sections o * If the property is a primitive, or an array of primitive values, the default Content-Type is `text/plain` * If the property is complex, or an array of complex values, the default Content-Type is `application/json` -* If the property is a `type: string` with `format: binary` or `format: base64` (aka a file object), the default Content-Type is `application/octet-stream` +* If the property is a `type: string` with `format: binary` or `format: byte` (aka a file object), the default Content-Type is `application/octet-stream` Examples: From 4fd8cb333e4a349a571f37a0421b1b3472a4bec2 Mon Sep 17 00:00:00 2001 From: Henry Andrews Date: Sat, 4 Mar 2023 13:19:02 -0800 Subject: [PATCH 003/251] fix: typo in style example (#3180) --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 40c71338ad..30526b2dc5 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1070,7 +1070,7 @@ The following table shows examples of rendering differences for each value. ----------- | ------ | -------- | -------- | -------- | ------- matrix | false | ;color | ;color=blue | ;color=blue,black,brown | ;color=R,100,G,200,B,150 matrix | true | ;color | ;color=blue | ;color=blue;color=black;color=brown | ;R=100;G=200;B=150 -label | false | . | .blue | .blue.black.brown | .R.100.G.200.B.150 +label | false | . | .blue | .blue,black,brown | .R,100,G,200,B,150 label | true | . | .blue | .blue.black.brown | .R=100.G=200.B=150 form | false | color= | color=blue | color=blue,black,brown | color=R,100,G,200,B,150 form | true | color= | color=blue | color=blue&color=black&color=brown | R=100&G=200&B=150 From 530637ef7ab59f795181a2dd08fcf72608ff4e49 Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Mon, 6 Mar 2023 13:48:15 +0100 Subject: [PATCH 004/251] Fix for #2167 (#3189) Fixes #2167 --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 30526b2dc5..e1ba8f145d 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1887,7 +1887,7 @@ $request.path.eventType | myevent $request.query.queryUrl | http://clientdomain.com/stillrunning $request.header.content-Type | application/json $request.body#/failedUrl | http://clientdomain.com/failed -$request.body#/successUrls/2 | http://clientdomain.com/medium +$request.body#/successUrls/1 | http://clientdomain.com/medium $response.header.Location | http://example.org/subscription/1 From 6d935707fcfeee647c27c7afaba1d3cfbef8f82f Mon Sep 17 00:00:00 2001 From: Henry Andrews Date: Mon, 6 Mar 2023 04:49:45 -0800 Subject: [PATCH 005/251] Fix broken RFC links (#3188) The IETF apparenlty decided to redo everything about publishing RFCs, and while most of the old URLs redirect, these ones for RFC 3339 did not. Also, there was a stray trailing '/' that broke another RFC link. --- versions/3.0.4.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index e1ba8f145d..5ec1809e9e 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -164,8 +164,8 @@ The formats defined by the OAS are: `number` | `double` | | `string` | `byte` | base64 encoded characters `string` | `binary` | any sequence of octets -`string` | `date` | As defined by `full-date` - [RFC3339](https://xml2rfc.ietf.org/public/rfc/html/rfc3339.html#anchor14) -`string` | `date-time` | As defined by `date-time` - [RFC3339](https://xml2rfc.ietf.org/public/rfc/html/rfc3339.html#anchor14) +`string` | `date` | As defined by `full-date` - [RFC3339](https://www.rfc-editor.org/rfc/rfc3339#section-5.6) +`string` | `date-time` | As defined by `date-time` - [RFC3339](https://www.rfc-editor.org/rfc/rfc3339#section-5.6) `string` | `password` | A hint to UIs to obscure input. @@ -1523,7 +1523,7 @@ requestBody: properties: {} ``` -In this example, the contents in the `requestBody` MUST be stringified per [RFC1866](https://tools.ietf.org/html/rfc1866/) when passed to the server. In addition, the `address` field complex object will be stringified. +In this example, the contents in the `requestBody` MUST be stringified per [RFC1866](https://tools.ietf.org/html/rfc1866) when passed to the server. In addition, the `address` field complex object will be stringified. When passing complex objects in the `application/x-www-form-urlencoded` content type, the default serialization strategy of such properties is described in the [`Encoding Object`](#encodingObject)'s [`style`](#encodingStyle) property as `form`. From 2b5dff039392285c33f158f8de47de69425f505f Mon Sep 17 00:00:00 2001 From: Jeremy Fiel <32110157+jeremyfiel@users.noreply.github.com> Date: Mon, 6 Mar 2023 07:51:38 -0500 Subject: [PATCH 006/251] fix(docs): update invalid schema property in Encoding Object example (#3178) --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 5ec1809e9e..5ff6037c42 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1567,7 +1567,7 @@ requestBody: # default Content-Type for arrays is based on the `inner` type (object shown, so `application/json` in this example) type: array items: - type: '#/components/schemas/Address' + $ref: '#/components/schemas/Address' ``` An `encoding` attribute is introduced to give you control over the serialization of parts of `multipart` request bodies. This attribute is _only_ applicable to `multipart` and `application/x-www-form-urlencoded` request bodies. From 9f6daf3436557d6062f041d31b61f41feff775ab Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Thu, 9 Mar 2023 18:09:47 +0100 Subject: [PATCH 007/251] 3.0.4: fix Link Object example (#3194) Same fix has already been applied to 3.1.1-dev --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 5ff6037c42..dd64c9dff9 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -2061,7 +2061,7 @@ paths: operationId: getUserAddress parameters: # get the `id` field from the request path parameter named `id` - userId: $request.path.id + userid: $request.path.id # the path item of the linked operation /users/{userid}/address: parameters: From e16240681932a6b5f48dd42338ef1749a79b618c Mon Sep 17 00:00:00 2001 From: Henry Andrews Date: Fri, 10 Mar 2023 17:41:47 -0800 Subject: [PATCH 008/251] Clarify the use of "binary" and "byte" formats (#3187) Add a brief explanation as a subsection of Data Types, and update the relevant examples. Specifically: * Don't use `format: byte` for a whole message body * Fix `multipart/mixed` example to be `multipart/form-data` (because `multipart/mixed` does not name its parts and therefore cannot be represented with an object schema) * Add an `application/x-www-form-urlencoded` example, which is where `format: byte` needs to be used --- versions/3.0.4.md | 42 +++++++++++++++++++++++++++++++++--------- 1 file changed, 33 insertions(+), 9 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index dd64c9dff9..95fae014d5 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -162,12 +162,20 @@ The formats defined by the OAS are: `integer` | `int64` | signed 64 bits (a.k.a long) `number` | `float` | | `number` | `double` | | -`string` | `byte` | base64 encoded characters +`string` | `byte` | base64 encoded characters - [RFC4648](https://www.rfc-editor.org/rfc/rfc4648#section-4) `string` | `binary` | any sequence of octets `string` | `date` | As defined by `full-date` - [RFC3339](https://www.rfc-editor.org/rfc/rfc3339#section-5.6) `string` | `date-time` | As defined by `date-time` - [RFC3339](https://www.rfc-editor.org/rfc/rfc3339#section-5.6) `string` | `password` | A hint to UIs to obscure input. +#### Working With Binary Data + +Two formats, `binary` and `byte`, describe different ways to work with binary data: + +* `binary` is used where unencoded binary data is allowed, such as when sending a binary payload as an HTTP message body, or as part of a `multipart/*` payload that allows binary parts +* `byte` is used where binary data is embedded in a text-only format such as `application/json` or `application/x-www-form-urlencoded` + +Note that the encoding indicated by `byte`, which inflates the size of data in order to represent it as 7-bit ASCII text, is unrelated to HTTP's `Content-Encoding` header, which indicates whether and how a message body has been compressed. ### Rich Text Formatting Throughout the specification `description` fields are noted as supporting CommonMark markdown formatting. @@ -1440,13 +1448,6 @@ application/json: In contrast with the 2.0 specification, `file` input/output content in OpenAPI is described with the same semantics as any other schema type. Specifically: -```yaml -# content transferred with base64 encoding -schema: - type: string - format: byte -``` - ```yaml # content transferred in binary (octet-stream): schema: @@ -1537,6 +1538,7 @@ When passing in `multipart` types, boundaries MAY be used to separate sections o * If the property is complex, or an array of complex values, the default Content-Type is `application/json` * If the property is a `type: string` with `format: binary` or `format: byte` (aka a file object), the default Content-Type is `application/octet-stream` +Note that only `multipart/*` media types with named parts can be described as shown here. Note also that while `multipart/form-data` originally defined a per-part `Content-Transfer-Encoding` header that could indicate base64 encoding (`format: byte`), it has been deprecated for use with HTTP as of [RFC7578](https://www.rfc-editor.org/rfc/rfc7578#section-4.7). Examples: @@ -1589,10 +1591,12 @@ This object MAY be extended with [Specification Extensions](#specificationExtens ##### Encoding Object Example +`multipart/form-data` allows for binary parts: + ```yaml requestBody: content: - multipart/mixed: + multipart/form-data: schema: type: object properties: @@ -1627,6 +1631,26 @@ requestBody: type: integer ``` +`application/x-www-form-urlencoded` is a text format, which requires base64-encoding any binary data: + +```YAML +requestBody: + content: + application/x-www-form-urlencoded: + schema: + type: object + properties: + name: + type: string + icon: + # default is text/plain, need to declare an image type only! + type: string + format: byte + encoding: + icon: + contentType: image/png, image/jpeg +``` + #### Responses Object A container for the expected responses of an operation. From def7270bf31ca5db981f4b451aa689640477e17b Mon Sep 17 00:00:00 2001 From: John Charman <102669158+charjr@users.noreply.github.com> Date: Thu, 11 May 2023 16:32:19 +0100 Subject: [PATCH 009/251] Update servers description on Path Item Object (#3259) Co-authored-by: John Charman --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 95fae014d5..42c92833e7 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -753,7 +753,7 @@ Field Name | Type | Description head | [Operation Object](#operationObject) | A definition of a HEAD operation on this path. patch | [Operation Object](#operationObject) | A definition of a PATCH operation on this path. trace | [Operation Object](#operationObject) | A definition of a TRACE operation on this path. -servers | [[Server Object](#serverObject)] | An alternative `server` array to service all operations in this path. +servers | [[Server Object](#serverObject)] | An alternative `server` array to service all operations in this path. If an alternative server object is specified at the Root level, it will be overridden by this value. parameters | [[Parameter Object](#parameterObject) \| [Reference Object](#referenceObject)] | A list of parameters that are applicable for all the operations described under this path. These parameters can be overridden at the operation level, but cannot be removed there. The list MUST NOT include duplicated parameters. A unique parameter is defined by a combination of a [name](#parameterName) and [location](#parameterIn). The list can use the [Reference Object](#referenceObject) to link to parameters that are defined at the [OpenAPI Object's components/parameters](#componentsParameters). From 8397a89c6b227be0d886065fee463c18d1c68a8d Mon Sep 17 00:00:00 2001 From: Henry Andrews Date: Thu, 28 Sep 2023 09:32:37 -0700 Subject: [PATCH 010/251] Settle on "OpenAPI Description" (3.0.4) (#3384) This follows up from a discussion on the OAI slack that decided: * redefining "document" to sometimes mean multiple documents is confusing * "description" has more support than "definition" --- versions/3.0.4.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 42c92833e7..f1be197c5e 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -16,14 +16,14 @@ An OpenAPI definition can then be used by documentation generation tools to disp - [Definitions](#definitions) - - [OpenAPI Document](#oasDocument) + - [OpenAPI Description](#oasDocument) - [Path Templating](#pathTemplating) - [Media Types](#mediaTypes) - [HTTP Status Codes](#httpCodes) - [Specification](#specification) - [Versions](#versions) - [Format](#format) - - [Document Structure](#documentStructure) + - [OpenAPI Description Structure](#documentStructure) - [Data Types](#dataTypes) - [Rich Text Formatting](#richText) - [Relative References In URLs](#relativeReferences) @@ -67,8 +67,8 @@ An OpenAPI definition can then be used by documentation generation tools to disp ## Definitions -##### OpenAPI Document -A document (or set of documents) that defines or describes an API. An OpenAPI definition uses and conforms to the OpenAPI Specification. +##### OpenAPI Description +A document (or set of documents) that describes an API. An OpenAPI Description (OAD) uses and conforms to the OpenAPI Specification. ##### Path Templating Path templating refers to the usage of template expressions, delimited by curly braces ({}), to mark a section of a URL path as replaceable using path parameters. @@ -135,11 +135,11 @@ In order to preserve the ability to round-trip between YAML and JSON formats, YA **Note:** While APIs may be defined by OpenAPI documents in either YAML or JSON format, the API request and response bodies and other content are not required to be JSON or YAML. -### Document Structure +### OpenAPI Description Structure -An OpenAPI document MAY be made up of a single document or be divided into multiple, connected parts at the discretion of the user. In the latter case, `$ref` fields MUST be used in the specification to reference those parts as follows from the [JSON Schema](https://json-schema.org) definitions. +An OpenAPI Description MAY be made up of a single document or be divided into multiple, connected parts at the discretion of the author. In the latter case, `$ref` fields MUST be used in the specification to reference those parts as follows from the [JSON Schema](https://json-schema.org) definitions. In a multi-document description, the document containing the [OpenAPI Object](#oasObject) is known as the **entry OpenAPI document.** -It is RECOMMENDED that the root OpenAPI document be named: `openapi.json` or `openapi.yaml`. +It is RECOMMENDED that the entry OpenAPI document be named: `openapi.json` or `openapi.yaml`. ### Data Types From 043ebf39e2d73ad0f796a073e27d09d51dfec2e7 Mon Sep 17 00:00:00 2001 From: Karen Etheridge Date: Thu, 19 Oct 2023 13:51:49 -0700 Subject: [PATCH 011/251] punctuation fix (#3397) same as #3375 --- versions/3.0.4.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index f1be197c5e..26954b356e 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -743,8 +743,8 @@ The path itself is still exposed to the documentation viewer but they will not k Field Name | Type | Description ---|:---:|--- $ref | `string` | Allows for an external definition of this path item. The referenced structure MUST be in the format of a [Path Item Object](#pathItemObject). In case a Path Item Object field appears both in the defined object and the referenced object, the behavior is undefined. -summary| `string` | An optional, string summary, intended to apply to all operations in this path. -description | `string` | An optional, string description, intended to apply to all operations in this path. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. +summary| `string` | An optional string summary, intended to apply to all operations in this path. +description | `string` | An optional string description, intended to apply to all operations in this path. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. get | [Operation Object](#operationObject) | A definition of a GET operation on this path. put | [Operation Object](#operationObject) | A definition of a PUT operation on this path. post | [Operation Object](#operationObject) | A definition of a POST operation on this path. From 747fe4f791be8c0a2cea4da05238bbf4474415bd Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Thu, 15 Feb 2024 17:25:01 +0100 Subject: [PATCH 012/251] Copy Versions section from 3.1.1-dev (#3214) --- versions/3.0.4.md | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 26954b356e..065597492e 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -100,15 +100,11 @@ The available status codes are defined by [RFC7231](https://tools.ietf.org/html/ ### Versions -The OpenAPI Specification is versioned using [Semantic Versioning 2.0.0](https://semver.org/spec/v2.0.0.html) (semver) and follows the semver specification. +The OpenAPI Specification is versioned using a `major`.`minor`.`patch` versioning scheme. The `major`.`minor` portion of the version string (for example `3.1`) SHALL designate the OAS feature set. *`.patch`* versions address errors in, or provide clarifications to, this document, not the feature set. Tooling which supports OAS 3.1 SHOULD be compatible with all OAS 3.1.\* versions. The patch version SHOULD NOT be considered by tooling, making no distinction between `3.1.0` and `3.1.1` for example. -The `major`.`minor` portion of the semver (for example `3.0`) SHALL designate the OAS feature set. Typically, *`.patch`* versions address errors in this document, not the feature set. Tooling which supports OAS 3.0 SHOULD be compatible with all OAS 3.0.\* versions. The patch version SHOULD NOT be considered by tooling, making no distinction between `3.0.0` and `3.0.1` for example. +Occasionally, non-backwards compatible changes may be made in `minor` versions of the OAS where impact is believed to be low relative to the benefit provided. -Each new minor version of the OpenAPI Specification SHALL allow any OpenAPI document that is valid against any previous minor version of the Specification, within the same major version, to be updated to the new Specification version with equivalent semantics. Such an update MUST only require changing the `openapi` property to the new minor version. - -For example, a valid OpenAPI 3.0.2 document, upon changing its `openapi` property to `3.1.0`, SHALL be a valid OpenAPI 3.1.0 document, semantically equivalent to the original OpenAPI 3.0.2 document. New minor versions of the OpenAPI Specification MUST be written to ensure this form of backward compatibility. - -An OpenAPI document compatible with OAS 3.\*.\* contains a required [`openapi`](#oasVersion) field which designates the semantic version of the OAS that it uses. (OAS 2.0 documents contain a top-level version field named [`swagger`](https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#swaggerObject) and value `"2.0"`.) +An OpenAPI document compatible with OAS 3.\*.\* contains a required [`openapi`](#oasVersion) field which designates the version of the OAS that it uses. ### Format From d948ced74c71adb6792b477e78f16890571fa65a Mon Sep 17 00:00:00 2001 From: Henry Andrews Date: Thu, 15 Feb 2024 09:43:03 -0800 Subject: [PATCH 013/251] Sync validate-markdown workflow with main (3.0.4) (#3558) * Sync validate-markdown workflow with main (3.0.4) * Match latest environment from main --- .github/workflows/validate-markdown.yaml | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/.github/workflows/validate-markdown.yaml b/.github/workflows/validate-markdown.yaml index a127677452..43050e4870 100644 --- a/.github/workflows/validate-markdown.yaml +++ b/.github/workflows/validate-markdown.yaml @@ -18,10 +18,15 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 # checkout repo content - - uses: actions/setup-node@v1 # setup Node.js + - uses: actions/checkout@v4 # checkout repo content with: - node-version: '12.x' + fetch-depth: 0 + - name: use the javascript environment from main + run: | + git checkout remotes/origin/main -- package.json package-lock.json + - uses: actions/setup-node@v4 # setup Node.js + with: + node-version: '20.x' - name: Validate markdown - run: npx mdv versions/3.*.md + run: npx --yes mdv versions/3.*.md From 9f60a0a05416fccb8d7f0dd174c19d84c4843042 Mon Sep 17 00:00:00 2001 From: Karen Etheridge Date: Tue, 5 Dec 2023 20:40:57 -0800 Subject: [PATCH 014/251] whitespace and quoting fixes in json and yaml examples --- versions/3.0.4.md | 230 +++++++++++++++++++++++----------------------- 1 file changed, 114 insertions(+), 116 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 065597492e..845b145f8e 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -641,7 +641,7 @@ components: in: header petstore_auth: type: oauth2 - flows: + flows: implicit: authorizationUrl: http://example.org/api/oauth/dialog scopes: @@ -694,7 +694,7 @@ The following may lead to ambiguous resolution: "get": { "description": "Returns all pets from the system that the user has access to", "responses": { - "200": { + "200": { "description": "A list of pets.", "content": { "application/json": { @@ -816,7 +816,7 @@ get: '200': description: pet response content: - '*/*' : + '*/*': schema: type: array items: @@ -824,7 +824,7 @@ get: default: description: error payload content: - 'text/html': + text/html: schema: $ref: '#/components/schemas/ErrorModel' parameters: @@ -835,7 +835,7 @@ parameters: schema: type: array items: - type: string + type: string style: simple ``` @@ -888,7 +888,7 @@ This object MAY be extended with [Specification Extensions](#specificationExtens "schema": { "type": "object", "properties": { - "name": { + "name": { "description": "Updated name of the pet", "type": "string" }, @@ -897,7 +897,7 @@ This object MAY be extended with [Specification Extensions](#specificationExtens "type": "string" } }, - "required": ["status"] + "required": ["status"] } } } @@ -943,28 +943,28 @@ parameters: type: string requestBody: content: - 'application/x-www-form-urlencoded': + application/x-www-form-urlencoded: schema: properties: - name: - description: Updated name of the pet - type: string - status: - description: Updated status of the pet - type: string + name: + description: Updated name of the pet + type: string + status: + description: Updated status of the pet + type: string required: - status responses: '200': description: Pet updated. - content: - 'application/json': {} - 'application/xml': {} + content: + application/json: {} + application/xml: {} '405': description: Method Not Allowed - content: - 'application/json': {} - 'application/xml': {} + content: + application/json: {} + application/xml: {} security: - petstore_auth: - write:pets @@ -1269,36 +1269,36 @@ A request body with a referenced model definition. "$ref": "#/components/schemas/User" }, "examples": { - "user" : { - "summary": "User Example", - "externalValue": "http://foo.bar/examples/user-example.json" - } + "user" : { + "summary": "User Example", + "externalValue": "http://foo.bar/examples/user-example.json" } + } }, "application/xml": { "schema": { "$ref": "#/components/schemas/User" }, "examples": { - "user" : { - "summary": "User example in XML", - "externalValue": "http://foo.bar/examples/user-example.xml" - } + "user" : { + "summary": "User example in XML", + "externalValue": "http://foo.bar/examples/user-example.xml" } + } }, "text/plain": { "examples": { "user" : { - "summary": "User example in Plain text", - "externalValue": "http://foo.bar/examples/user-example.txt" + "summary": "User example in Plain text", + "externalValue": "http://foo.bar/examples/user-example.txt" } - } + } }, "*/*": { "examples": { "user" : { - "summary": "User example in other format", - "externalValue": "http://foo.bar/examples/user-example.whatever" + "summary": "User example in other format", + "externalValue": "http://foo.bar/examples/user-example.whatever" } } } @@ -1308,31 +1308,31 @@ A request body with a referenced model definition. ```yaml description: user to add to the system -content: - 'application/json': +content: + application/json: schema: $ref: '#/components/schemas/User' examples: user: summary: User Example - externalValue: 'http://foo.bar/examples/user-example.json' - 'application/xml': + externalValue: http://foo.bar/examples/user-example.json + application/xml: schema: $ref: '#/components/schemas/User' examples: user: summary: User Example in XML - externalValue: 'http://foo.bar/examples/user-example.xml' - 'text/plain': + externalValue: http://foo.bar/examples/user-example.xml + text/plain: examples: user: summary: User example in text plain format - externalValue: 'http://foo.bar/examples/user-example.txt' + externalValue: http://foo.bar/examples/user-example.txt '*/*': examples: - user: + user: summary: User example in other format - externalValue: 'http://foo.bar/examples/user-example.whatever' + externalValue: http://foo.bar/examples/user-example.whatever ``` A body parameter that is an array of string values: @@ -1383,32 +1383,31 @@ This object MAY be extended with [Specification Extensions](#specificationExtens { "application/json": { "schema": { - "$ref": "#/components/schemas/Pet" + "$ref": "#/components/schemas/Pet" }, "examples": { "cat" : { "summary": "An example of a cat", - "value": - { - "name": "Fluffy", - "petType": "Cat", - "color": "White", - "gender": "male", - "breed": "Persian" - } + "value": { + "name": "Fluffy", + "petType": "Cat", + "color": "White", + "gender": "male", + "breed": "Persian" + } }, "dog": { "summary": "An example of a dog with a cat's name", - "value" : { + "value" : { "name": "Puma", "petType": "Dog", "color": "Black", "gender": "Female", "breed": "Mixed" - }, - "frog": { - "$ref": "#/components/examples/frog-example" } + }, + "frog": { + "$ref": "#/components/examples/frog-example" } } } @@ -1416,7 +1415,7 @@ This object MAY be extended with [Specification Extensions](#specificationExtens ``` ```yaml -application/json: +application/json: schema: $ref: "#/components/schemas/Pet" examples: @@ -1479,7 +1478,7 @@ requestBody: 'image/png': schema: type: string - format: binary + format: binary ``` To upload multiple files, a `multipart` media type MUST be used: @@ -1706,7 +1705,7 @@ A 200 response for a successful operation and a default response for others (imp ```yaml '200': description: a pet to be returned - content: + content: application/json: schema: $ref: '#/components/schemas/Pet' @@ -1754,9 +1753,9 @@ Response of an array of a complex type: ```yaml description: A complex object array response -content: +content: application/json: - schema: + schema: type: array items: $ref: '#/components/schemas/VeryComplexType' @@ -1774,7 +1773,6 @@ Response with a string type: } } } - } ``` @@ -1890,7 +1888,7 @@ Content-Length: 187 "http://clientdomain.com/fast", "http://clientdomain.com/medium", "http://clientdomain.com/slow" - ] + ] } 201 Created @@ -1921,8 +1919,8 @@ myCallback: post: requestBody: description: Callback payload - content: - 'application/json': + content: + application/json: schema: $ref: '#/components/schemas/SomePayload' responses: @@ -1938,8 +1936,8 @@ transactionCallback: post: requestBody: description: Callback payload - content: - 'application/json': + content: + application/json: schema: $ref: '#/components/schemas/SomePayload' responses: @@ -1973,36 +1971,36 @@ requestBody: 'application/json': schema: $ref: '#/components/schemas/Address' - examples: + examples: foo: summary: A foo example value: {"foo": "bar"} bar: summary: A bar example value: {"bar": "baz"} - 'application/xml': - examples: + application/xml: + examples: xmlExample: summary: This is an example in XML - externalValue: 'http://example.org/examples/address-example.xml' - 'text/plain': + externalValue: https://example.org/examples/address-example.xml + text/plain: examples: - textExample: + textExample: summary: This is a text example - externalValue: 'http://foo.bar/examples/address-example.txt' + externalValue: http://foo.bar/examples/address-example.txt ``` In a parameter: ```yaml parameters: - - name: 'zipCode' - in: 'query' + - name: zipCode + in: query schema: - type: 'string' - format: 'zip-code' + type: string + format: zip-code examples: - zip-example: + zip-example: $ref: '#/components/examples/zip-example' ``` @@ -2012,7 +2010,7 @@ In a response: responses: '200': description: your car appointment has been booked - content: + content: application/json: schema: $ref: '#/components/schemas/SuccessResponse' @@ -2060,7 +2058,7 @@ paths: - name: id in: path required: true - description: the user identifier, as userId + description: the user identifier, as userId schema: type: string get: @@ -2088,7 +2086,7 @@ paths: - name: userid in: path required: true - description: the user identifier, as userId + description: the user identifier, as userId schema: type: string # linked operation @@ -2137,7 +2135,7 @@ or an absolute `operationRef`: links: UserRepositories: # returns array of '#/components/schemas/repository' - operationRef: 'https://na2.gigantic-server.com/#/paths/~12.0~1repositories~1{username}/get' + operationRef: https://na2.gigantic-server.com/#/paths/~12.0~1repositories~1{username}/get parameters: username: $response.body#/username ``` @@ -2154,22 +2152,22 @@ This mechanism is used by [Link Objects](#linkObject) and [Callback Objects](#ca The runtime expression is defined by the following [ABNF](https://tools.ietf.org/html/rfc5234) syntax ```abnf - expression = ( "$url" / "$method" / "$statusCode" / "$request." source / "$response." source ) - source = ( header-reference / query-reference / path-reference / body-reference ) - header-reference = "header." token - query-reference = "query." name - path-reference = "path." name - body-reference = "body" ["#" json-pointer ] - json-pointer = *( "/" reference-token ) - reference-token = *( unescaped / escaped ) - unescaped = %x00-2E / %x30-7D / %x7F-10FFFF - ; %x2F ('/') and %x7E ('~') are excluded from 'unescaped' - escaped = "~" ( "0" / "1" ) - ; representing '~' and '/', respectively - name = *( CHAR ) - token = 1*tchar - tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*" / "+" / "-" / "." / - "^" / "_" / "`" / "|" / "~" / DIGIT / ALPHA + expression = ( "$url" / "$method" / "$statusCode" / "$request." source / "$response." source ) + source = ( header-reference / query-reference / path-reference / body-reference ) + header-reference = "header." token + query-reference = "query." name + path-reference = "path." name + body-reference = "body" ["#" json-pointer ] + json-pointer = *( "/" reference-token ) + reference-token = *( unescaped / escaped ) + unescaped = %x00-2E / %x30-7D / %x7F-10FFFF + ; %x2F ('/') and %x7E ('~') are excluded from 'unescaped' + escaped = "~" ( "0" / "1" ) + ; representing '~' and '/', respectively + name = *( CHAR ) + token = 1*tchar + tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*" / "+" / "-" / "." / + "^" / "_" / "`" / "|" / "~" / DIGIT / ALPHA ``` Here, `json-pointer` is taken from [RFC 6901](https://tools.ietf.org/html/rfc6901), `char` from [RFC 7159](https://tools.ietf.org/html/rfc7159#section-7) and `token` from [RFC 7230](https://tools.ietf.org/html/rfc7230#section-3.2.6). @@ -2238,8 +2236,8 @@ This object MAY be extended with [Specification Extensions](#specificationExtens ```json { - "name": "pet", - "description": "Pets operations" + "name": "pet", + "description": "Pets operations" } ``` @@ -2268,7 +2266,7 @@ This object cannot be extended with additional properties and any properties add ```json { - "$ref": "#/components/schemas/Pet" + "$ref": "#/components/schemas/Pet" } ``` @@ -2676,7 +2674,7 @@ components: required: - name - petType - Cat: ## "Cat" will be used as the discriminator value + Cat: # "Cat" will be used as the discriminator value description: A representation of a cat allOf: - $ref: '#/components/schemas/Pet' @@ -2692,7 +2690,7 @@ components: - aggressive required: - huntingSkill - Dog: ## "Dog" will be used as the discriminator value + Dog: # "Dog" will be used as the discriminator value description: A representation of a dog allOf: - $ref: '#/components/schemas/Pet' @@ -2764,12 +2762,12 @@ MyResponseType: - $ref: '#/components/schemas/Cat' - $ref: '#/components/schemas/Dog' - $ref: '#/components/schemas/Lizard' - - $ref: 'https://gigantic-server.com/schemas/Monster/schema.json' + - $ref: https://gigantic-server.com/schemas/Monster/schema.json discriminator: propertyName: petType mapping: dog: '#/components/schemas/Dog' - monster: 'https://gigantic-server.com/schemas/Monster/schema.json' + monster: https://gigantic-server.com/schemas/Monster/schema.json ``` Here the discriminator _value_ of `dog` will map to the schema `#/components/schemas/Dog`, rather than the default (implicit) value of `Dog`. If the discriminator _value_ does not match an implicit or explicit mapping, no schema can be determined and validation SHOULD fail. Mapping keys MUST be string values, but tooling MAY convert response values to strings for comparison. @@ -2869,9 +2867,9 @@ Basic string property: ```json { - "animals": { - "type": "string" - } + "animals": { + "type": "string" + } } ``` @@ -2888,12 +2886,12 @@ Basic string array property ([`wrapped`](#xmlWrapped) is `false` by default): ```json { - "animals": { - "type": "array", - "items": { - "type": "string" - } + "animals": { + "type": "array", + "items": { + "type": "string" } + } } ``` @@ -3280,7 +3278,7 @@ bearerFormat: JWT ```yaml type: oauth2 -flows: +flows: implicit: authorizationUrl: https://example.com/api/oauth/dialog scopes: @@ -3343,7 +3341,7 @@ This object MAY be extended with [Specification Extensions](#specificationExtens ```yaml type: oauth2 -flows: +flows: implicit: authorizationUrl: https://example.com/api/oauth/dialog scopes: @@ -3354,7 +3352,7 @@ flows: tokenUrl: https://example.com/api/oauth/token scopes: write:pets: modify pets in your account - read:pets: read your pets + read:pets: read your pets ``` #### Security Requirement Object From ead2a11eba31484d9516dfd8c85eae7dffeff69c Mon Sep 17 00:00:00 2001 From: Shilpa Padgaonkar <77152136+shilpa-padgaonkar@users.noreply.github.com> Date: Sat, 24 Feb 2024 09:27:04 +0100 Subject: [PATCH 015/251] Fix incorrect OpenIDConnect discovery url Fixes #3152 --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 845b145f8e..3db4347a87 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -3195,7 +3195,7 @@ animals: #### Security Scheme Object Defines a security scheme that can be used by the operations. -Supported schemes are HTTP authentication, an API key (either as a header, a cookie parameter or as a query parameter), OAuth2's common flows (implicit, password, client credentials and authorization code) as defined in [RFC6749](https://tools.ietf.org/html/rfc6749), and [OpenID Connect Discovery](https://tools.ietf.org/html/draft-ietf-oauth-discovery-06). +Supported schemes are HTTP authentication, an API key (either as a header, a cookie parameter or as a query parameter), OAuth2's common flows (implicit, password, client credentials and authorization code) as defined in [RFC6749](https://tools.ietf.org/html/rfc6749), and [OpenID Connect Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html). ##### Fixed Fields Field Name | Type | Applies To | Description From 90ebe8098a9c81bb29a4ac4106c3d4378509f3f7 Mon Sep 17 00:00:00 2001 From: Shilpa Padgaonkar <77152136+shilpa-padgaonkar@users.noreply.github.com> Date: Mon, 4 Mar 2024 10:20:24 +0100 Subject: [PATCH 016/251] changed ref and url -Update 3.0.4.md --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 3db4347a87..1c40bbb750 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -3195,7 +3195,7 @@ animals: #### Security Scheme Object Defines a security scheme that can be used by the operations. -Supported schemes are HTTP authentication, an API key (either as a header, a cookie parameter or as a query parameter), OAuth2's common flows (implicit, password, client credentials and authorization code) as defined in [RFC6749](https://tools.ietf.org/html/rfc6749), and [OpenID Connect Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html). +Supported schemes are HTTP authentication, an API key (either as a header, a cookie parameter or as a query parameter), OAuth2's common flows (implicit, password, client credentials and authorization code) as defined in [RFC6749](https://tools.ietf.org/html/rfc6749), and [OpenID Connect Core](https://openid.net/specs/openid-connect-core-1_0.html). ##### Fixed Fields Field Name | Type | Applies To | Description From 2b3889f33eb6d2ef02314bdfd93cf0bcb82170e7 Mon Sep 17 00:00:00 2001 From: John Charman Date: Thu, 28 Mar 2024 10:32:03 +0000 Subject: [PATCH 017/251] Update Spec for Style Values --- versions/3.0.4.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 1c40bbb750..2cdafe5f54 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1053,9 +1053,9 @@ In order to support common ways of serializing simple parameters, a set of `styl matrix | `primitive`, `array`, `object` | `path` | Path-style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.7) label | `primitive`, `array`, `object` | `path` | Label style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.5) form | `primitive`, `array`, `object` | `query`, `cookie` | Form style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.8). This option replaces `collectionFormat` with a `csv` (when `explode` is false) or `multi` (when `explode` is true) value from OpenAPI 2.0. -simple | `array` | `path`, `header` | Simple style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.2). This option replaces `collectionFormat` with a `csv` value from OpenAPI 2.0. -spaceDelimited | `array` | `query` | Space separated array values. This option replaces `collectionFormat` equal to `ssv` from OpenAPI 2.0. -pipeDelimited | `array` | `query` | Pipe separated array values. This option replaces `collectionFormat` equal to `pipes` from OpenAPI 2.0. +simple | `primitive`, `array`, `object` | `path`, `header` | Simple style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.2). This option replaces `collectionFormat` with a `csv` value from OpenAPI 2.0. +spaceDelimited | `array`, `object` | `query` | Space separated array values or object properties and values. This option replaces `collectionFormat` equal to `ssv` from OpenAPI 2.0. +pipeDelimited | `array`, `object` | `query` | Pipe separated array values or object properties and values. This option replaces `collectionFormat` equal to `pipes` from OpenAPI 2.0. deepObject | `object` | `query` | Provides a simple way of rendering nested objects using form parameters. From 9eee465aa368f1a256055ee037b7a66a0aa606e3 Mon Sep 17 00:00:00 2001 From: Lorna Jane Mitchell Date: Sun, 7 Apr 2024 14:46:11 +0100 Subject: [PATCH 018/251] Backport improved OpenAPI specification intro paragraph from 3.1.1 (original PR #3387) --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 1c40bbb750..6b139e8313 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -68,7 +68,7 @@ An OpenAPI definition can then be used by documentation generation tools to disp ## Definitions ##### OpenAPI Description -A document (or set of documents) that describes an API. An OpenAPI Description (OAD) uses and conforms to the OpenAPI Specification. +An OpenAPI Description (OAD) formally describes the surface of an API and its semantics. It is composed of an [entry document](#documentStructure) and any/all of its referenced documents. An OAD uses and conforms to the OpenAPI Specification. ##### Path Templating Path templating refers to the usage of template expressions, delimited by curly braces ({}), to mark a section of a URL path as replaceable using path parameters. From 71a1f70eafdd17b926f785fa66693119b18195f4 Mon Sep 17 00:00:00 2001 From: Lorna Jane Mitchell Date: Sun, 7 Apr 2024 14:53:49 +0100 Subject: [PATCH 019/251] Improve password field data description (original PR 3413) --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 1c40bbb750..80421fd248 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -162,7 +162,7 @@ The formats defined by the OAS are: `string` | `binary` | any sequence of octets `string` | `date` | As defined by `full-date` - [RFC3339](https://www.rfc-editor.org/rfc/rfc3339#section-5.6) `string` | `date-time` | As defined by `date-time` - [RFC3339](https://www.rfc-editor.org/rfc/rfc3339#section-5.6) -`string` | `password` | A hint to UIs to obscure input. +`string` | `password` | A hint to obscure the value. #### Working With Binary Data From aba4103ff03b183ecb1069922f127701b7bd0494 Mon Sep 17 00:00:00 2001 From: Bellangelo Date: Mon, 15 Apr 2024 03:03:35 +0300 Subject: [PATCH 020/251] path.id is not a url --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index ca69bddc6b..49d144898d 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -2035,7 +2035,7 @@ Field Name | Type | Description ---|:---:|--- operationRef | `string` | A relative or absolute URI reference to an OAS operation. This field is mutually exclusive of the `operationId` field, and MUST point to an [Operation Object](#operationObject). Relative `operationRef` values MAY be used to locate an existing [Operation Object](#operationObject) in the OpenAPI definition. operationId | `string` | The name of an _existing_, resolvable OAS operation, as defined with a unique `operationId`. This field is mutually exclusive of the `operationRef` field. -parameters | Map[`string`, Any \| [{expression}](#runtimeExpression)] | A map representing parameters to pass to an operation as specified with `operationId` or identified via `operationRef`. The key is the parameter name to be used, whereas the value can be a constant or an expression to be evaluated and passed to the linked operation. The parameter name can be qualified using the [parameter location](#parameterIn) `[{in}.]{name}` for operations that use the same parameter name in different locations (e.g. path.id). +parameters | Map[`string`, Any \| [{expression}](#runtimeExpression)] | A map representing parameters to pass to an operation as specified with `operationId` or identified via `operationRef`. The key is the parameter name to be used, whereas the value can be a constant or an expression to be evaluated and passed to the linked operation. The parameter name can be qualified using the [parameter location](#parameterIn) `[{in}.]{name}` for operations that use the same parameter name in different locations (e.g. path\.id). requestBody | Any \| [{expression}](#runtimeExpression) | A literal value or [{expression}](#runtimeExpression) to use as a request body when calling the target operation. description | `string` | A description of the link. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. server | [Server Object](#serverObject) | A server object to be used by the target operation. From 157f0333896923741304a0c604a14b41bae39474 Mon Sep 17 00:00:00 2001 From: Lorna Jane Mitchell Date: Thu, 18 Apr 2024 17:17:51 +0100 Subject: [PATCH 021/251] Apply improved wording around status codes from 3.1.1 (original PR #2630) (#3699) --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index effa7eca15..9bab2e150e 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -94,7 +94,7 @@ Some examples of possible media type definitions: ``` ##### HTTP Status Codes The HTTP Status Codes are used to indicate the status of the executed operation. -The available status codes are defined by [RFC7231](https://tools.ietf.org/html/rfc7231#section-6) and registered status codes are listed in the [IANA Status Code Registry](https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml). +Status codes SHOULD be selected from the available status codes registered in the [IANA Status Code Registry](https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml). ## Specification From f1a2887d444196e6d75ec9fb37e7c1946b0630ce Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Fri, 19 Apr 2024 12:41:17 -0700 Subject: [PATCH 022/251] Explain default Encoding Object behavior If no Encoding Object is provided, the behavior is the same as an empty Encoding Object, as none of its fields are required. --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 9bab2e150e..03ed118bf3 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1373,7 +1373,7 @@ Field Name | Type | Description schema | [Schema Object](#schemaObject) \| [Reference Object](#referenceObject) | The schema defining the content of the request, response, or parameter. example | Any | Example of the media type. The example object SHOULD be in the correct format as specified by the media type. The `example` field is mutually exclusive of the `examples` field. Furthermore, if referencing a `schema` which contains an example, the `example` value SHALL _override_ the example provided by the schema. examples | Map[ `string`, [Example Object](#exampleObject) \| [Reference Object](#referenceObject)] | Examples of the media type. Each example object SHOULD match the media type and specified schema if present. The `examples` field is mutually exclusive of the `example` field. Furthermore, if referencing a `schema` which contains an example, the `examples` value SHALL _override_ the example provided by the schema. -encoding | Map[`string`, [Encoding Object](#encodingObject)] | A map between a property name and its encoding information. The key, being the property name, MUST exist in the schema as a property. The encoding object SHALL only apply to `requestBody` objects when the media type is `multipart` or `application/x-www-form-urlencoded`. +encoding | Map[`string`, [Encoding Object](#encodingObject)] | A map between a property name and its encoding information. The key, being the property name, MUST exist in the schema as a property. The encoding object SHALL only apply to `requestBody` objects when the media type is `multipart` or `application/x-www-form-urlencoded`. If no Encoding Object is provided for a relevant parameter, the behavior is determined by the default values documented for the Encoding Object. This object MAY be extended with [Specification Extensions](#specificationExtensions). From 28faf0ffbe6fd1eafce537b5a9c2fee90693171f Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Fri, 19 Apr 2024 14:45:12 -0700 Subject: [PATCH 023/251] Clarify spaceDelimited with spaces in values The OAS does not define how to avoid collisions between parameter values and style delimiters. Mostly, this is straightforward, but the need to URL encode space characters introduces extra confusion. Make it clear that managing this occurs outside of the use of style, and is the responsibility of users. --- versions/3.0.4.md | 1 + 1 file changed, 1 insertion(+) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 9bab2e150e..08016dbdaf 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1058,6 +1058,7 @@ spaceDelimited | `array`, `object` | `query` | Space separated array values or o pipeDelimited | `array`, `object` | `query` | Pipe separated array values or object properties and values. This option replaces `collectionFormat` equal to `pipes` from OpenAPI 2.0. deepObject | `object` | `query` | Provides a simple way of rendering nested objects using form parameters. +The behavior of applying a style that uses a delimiter to data containing that delimiter is not defined, and is therefore NOT RECOMMENDED. To ensure interoperability, any such delimiter characters need to be escaped prior to serializing with the style, and unescaped after parsing. In the case of `spaceDelimited`, care must be taken to avoid confusing interactions with URL parameter encoding of spaces. ##### Style Examples From 8d7ca20ff917580f1669cce9cafb066d18bfa60f Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Fri, 19 Apr 2024 17:57:22 -0700 Subject: [PATCH 024/251] Clarify wording on encoding field The previous wording could be read to only restrict what sort of request bodies could use an Encoding Object, while allowing that it could be used with other entities that use a Media Type Object. This emphasizes that it is only relevant to Request Body Objects, and within that, only for specific media types. --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 9bab2e150e..e64e9a0e4b 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1373,7 +1373,7 @@ Field Name | Type | Description schema | [Schema Object](#schemaObject) \| [Reference Object](#referenceObject) | The schema defining the content of the request, response, or parameter. example | Any | Example of the media type. The example object SHOULD be in the correct format as specified by the media type. The `example` field is mutually exclusive of the `examples` field. Furthermore, if referencing a `schema` which contains an example, the `example` value SHALL _override_ the example provided by the schema. examples | Map[ `string`, [Example Object](#exampleObject) \| [Reference Object](#referenceObject)] | Examples of the media type. Each example object SHOULD match the media type and specified schema if present. The `examples` field is mutually exclusive of the `example` field. Furthermore, if referencing a `schema` which contains an example, the `examples` value SHALL _override_ the example provided by the schema. -encoding | Map[`string`, [Encoding Object](#encodingObject)] | A map between a property name and its encoding information. The key, being the property name, MUST exist in the schema as a property. The encoding object SHALL only apply to `requestBody` objects when the media type is `multipart` or `application/x-www-form-urlencoded`. +encoding | Map[`string`, [Encoding Object](#encodingObject)] | A map between a property name and its encoding information. The key, being the property name, MUST exist in the schema as a property. The encoding object SHALL only apply to [Request Body Objects](#requestBodyObject), and only when the media type is `multipart` or `application/x-www-form-urlencoded`. This object MAY be extended with [Specification Extensions](#specificationExtensions). From 8532ea60534e9e20ede41dcd9b025f180d7a9fe0 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Sat, 20 Apr 2024 12:59:10 -0700 Subject: [PATCH 025/251] Non-string discriminator values have undefined behavior The "undefined" wording was chosen to allow implementations that make a good-faith effort to accommodate non-string values to remain compliant. However, new implementations are not expected to implement any sort of type coersion, and this guides API designers away from that expectation. --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 9bab2e150e..5d0e6b746f 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -2718,7 +2718,7 @@ Field Name | Type | Description propertyName | `string` | **REQUIRED**. The name of the property in the payload that will hold the discriminator value. mapping | Map[`string`, `string`] | An object to hold mappings between payload values and schema names or references. -The discriminator object is legal only when using one of the composite keywords `oneOf`, `anyOf`, `allOf`. +The discriminator object is legal only when using one of the composite keywords `oneOf`, `anyOf`, `allOf`. Note that because the discrinating property's value is used as a component name and/or as the key in the `mapping` object, the behavior of any value that is not a string is undefined. In OAS 3.0, a response payload MAY be described to be exactly one of any number of types: From 074b654e106b5529894770197e8ad38237ab364e Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Sat, 20 Apr 2024 14:30:44 -0700 Subject: [PATCH 026/251] Clarify how to model streaming binary data --- versions/3.0.4.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 9bab2e150e..318fddddfe 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -171,6 +171,8 @@ Two formats, `binary` and `byte`, describe different ways to work with binary da * `binary` is used where unencoded binary data is allowed, such as when sending a binary payload as an HTTP message body, or as part of a `multipart/*` payload that allows binary parts * `byte` is used where binary data is embedded in a text-only format such as `application/json` or `application/x-www-form-urlencoded` +The `maxLength` keyword can be used to set an upper bound on the length of a binary payload; otherwise, a binary payload SHOULD be interpreted as a stream of indeterminate length. + Note that the encoding indicated by `byte`, which inflates the size of data in order to represent it as 7-bit ASCII text, is unrelated to HTTP's `Content-Encoding` header, which indicates whether and how a message body has been compressed. ### Rich Text Formatting From 01ef28a792dea4f9494a5c0247640a0061ac6dcf Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Sat, 20 Apr 2024 16:21:15 -0700 Subject: [PATCH 027/251] Correctly escape example operationRef URLs --- versions/3.0.4.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 9bab2e150e..61cab0f245 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -2124,7 +2124,7 @@ field in an [Operation Object](#operationObject)), references MAY also be made t links: UserRepositories: # returns array of '#/components/schemas/repository' - operationRef: '#/paths/~12.0~1repositories~1{username}/get' + operationRef: '#/paths/~12.0~1repositories~1%7Busername%7D/get' parameters: username: $response.body#/username ``` @@ -2135,13 +2135,14 @@ or an absolute `operationRef`: links: UserRepositories: # returns array of '#/components/schemas/repository' - operationRef: https://na2.gigantic-server.com/#/paths/~12.0~1repositories~1{username}/get + operationRef: https://na2.gigantic-server.com/#/paths/~12.0~1repositories~1%7Busername%7D/get parameters: username: $response.body#/username ``` Note that in the use of `operationRef`, the _escaped forward-slash_ is necessary when -using JSON references. +using JSON Pointers, and it is necessary to URL-encode `{` and `}` as `%7B` and `%7D`, respectively when +using JSON Pointers as URI fragments. ##### Runtime Expressions From cb0e8c686f61b8d21c3793a64e405b0aa4adba4b Mon Sep 17 00:00:00 2001 From: Henry Andrews Date: Mon, 22 Apr 2024 08:16:11 -0700 Subject: [PATCH 028/251] Fix typo (review feedback) Co-authored-by: Ralf Handl --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 5d0e6b746f..1bb8d7edb8 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -2718,7 +2718,7 @@ Field Name | Type | Description propertyName | `string` | **REQUIRED**. The name of the property in the payload that will hold the discriminator value. mapping | Map[`string`, `string`] | An object to hold mappings between payload values and schema names or references. -The discriminator object is legal only when using one of the composite keywords `oneOf`, `anyOf`, `allOf`. Note that because the discrinating property's value is used as a component name and/or as the key in the `mapping` object, the behavior of any value that is not a string is undefined. +The discriminator object is legal only when using one of the composite keywords `oneOf`, `anyOf`, `allOf`. Note that because the discriminating property's value is used as a component name and/or as the key in the `mapping` object, the behavior of any value that is not a string is undefined. In OAS 3.0, a response payload MAY be described to be exactly one of any number of types: From 1e3f50689fa371defa49675b210e38bae3cd2d6b Mon Sep 17 00:00:00 2001 From: Henry Andrews Date: Tue, 23 Apr 2024 08:20:52 -0700 Subject: [PATCH 029/251] Wording improvement from review feedback. Co-authored-by: Mike Kistler --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index e64e9a0e4b..0f6eabc581 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1373,7 +1373,7 @@ Field Name | Type | Description schema | [Schema Object](#schemaObject) \| [Reference Object](#referenceObject) | The schema defining the content of the request, response, or parameter. example | Any | Example of the media type. The example object SHOULD be in the correct format as specified by the media type. The `example` field is mutually exclusive of the `examples` field. Furthermore, if referencing a `schema` which contains an example, the `example` value SHALL _override_ the example provided by the schema. examples | Map[ `string`, [Example Object](#exampleObject) \| [Reference Object](#referenceObject)] | Examples of the media type. Each example object SHOULD match the media type and specified schema if present. The `examples` field is mutually exclusive of the `example` field. Furthermore, if referencing a `schema` which contains an example, the `examples` value SHALL _override_ the example provided by the schema. -encoding | Map[`string`, [Encoding Object](#encodingObject)] | A map between a property name and its encoding information. The key, being the property name, MUST exist in the schema as a property. The encoding object SHALL only apply to [Request Body Objects](#requestBodyObject), and only when the media type is `multipart` or `application/x-www-form-urlencoded`. +encoding | Map[`string`, [Encoding Object](#encodingObject)] | A map between a property name and its encoding information. The key, being the property name, MUST exist in the schema as a property. The encoding attribute SHALL only apply to [Request Body Objects](#requestBodyObject), and only when the media type is `multipart` or `application/x-www-form-urlencoded`. This object MAY be extended with [Specification Extensions](#specificationExtensions). From 60f2fcd79f7f1636ce4dc32f15f6ec83fe014cab Mon Sep 17 00:00:00 2001 From: Henry Andrews Date: Tue, 23 Apr 2024 08:55:12 -0700 Subject: [PATCH 030/251] Improved wording from review feedback. Co-authored-by: Mike Kistler --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 03ed118bf3..e513c4ef48 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1373,7 +1373,7 @@ Field Name | Type | Description schema | [Schema Object](#schemaObject) \| [Reference Object](#referenceObject) | The schema defining the content of the request, response, or parameter. example | Any | Example of the media type. The example object SHOULD be in the correct format as specified by the media type. The `example` field is mutually exclusive of the `examples` field. Furthermore, if referencing a `schema` which contains an example, the `example` value SHALL _override_ the example provided by the schema. examples | Map[ `string`, [Example Object](#exampleObject) \| [Reference Object](#referenceObject)] | Examples of the media type. Each example object SHOULD match the media type and specified schema if present. The `examples` field is mutually exclusive of the `example` field. Furthermore, if referencing a `schema` which contains an example, the `examples` value SHALL _override_ the example provided by the schema. -encoding | Map[`string`, [Encoding Object](#encodingObject)] | A map between a property name and its encoding information. The key, being the property name, MUST exist in the schema as a property. The encoding object SHALL only apply to `requestBody` objects when the media type is `multipart` or `application/x-www-form-urlencoded`. If no Encoding Object is provided for a relevant parameter, the behavior is determined by the default values documented for the Encoding Object. +encoding | Map[`string`, [Encoding Object](#encodingObject)] | A map between a property name and its encoding information. The key, being the property name, MUST exist in the schema as a property. The encoding attribute SHALL only apply to `requestBody` objects when the media type is `multipart` or `application/x-www-form-urlencoded`. If no Encoding Object is provided for a property, the behavior is determined by the default values documented for the Encoding Object. This object MAY be extended with [Specification Extensions](#specificationExtensions). From d932562e4e63e7d6273a3fbdbf90801375f64915 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Wed, 24 Apr 2024 09:58:04 -0700 Subject: [PATCH 031/251] Make wording consistent (review feedback) --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 0f6eabc581..69bf717f74 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1567,7 +1567,7 @@ requestBody: $ref: '#/components/schemas/Address' ``` -An `encoding` attribute is introduced to give you control over the serialization of parts of `multipart` request bodies. This attribute is _only_ applicable to `multipart` and `application/x-www-form-urlencoded` request bodies. +An `encoding` attribute is introduced to give you control over the serialization of parts of `multipart` request bodies. This attribute is _only_ applicable to request bodies, and _only_ for `multipart` and `application/x-www-form-urlencoded` media types. #### Encoding Object From 11ba729788a84f8b370551a62d316d1941c4e086 Mon Sep 17 00:00:00 2001 From: Karen Etheridge Date: Wed, 24 Apr 2024 17:17:26 -0700 Subject: [PATCH 032/251] fix style=form examples These should have the parameter name in the resulting string (see issue #3737). --- versions/3.0.4.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 9bab2e150e..5a31b1f9e3 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1080,8 +1080,8 @@ form | false | color= | color=blue | color=blue,black,brown | color=R,100,G,200, form | true | color= | color=blue | color=blue&color=black&color=brown | R=100&G=200&B=150 simple | false | n/a | blue | blue,black,brown | R,100,G,200,B,150 simple | true | n/a | blue | blue,black,brown | R=100,G=200,B=150 -spaceDelimited | false | n/a | n/a | blue%20black%20brown | R%20100%20G%20200%20B%20150 -pipeDelimited | false | n/a | n/a | blue\|black\|brown | R\|100\|G\|200\|B\|150 +spaceDelimited | false | n/a | n/a | color=blue%20black%20brown | color=R%20100%20G%20200%20B%20150 +pipeDelimited | false | n/a | n/a | color=blue\|black\|brown | color=R\|100\|G\|200\|B\|150 deepObject | true | n/a | n/a | n/a | color[R]=100&color[G]=200&color[B]=150 This object MAY be extended with [Specification Extensions](#specificationExtensions). From b1a75ff3746e78e50609c0bb7dbd313d40946e57 Mon Sep 17 00:00:00 2001 From: Karen Etheridge Date: Thu, 21 Sep 2023 19:46:39 -0700 Subject: [PATCH 033/251] switch the order of these styles in the tables This is a more natural grouping of similar types, making the data much easier to read. --- versions/3.0.4.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 9bab2e150e..c2a7ec9438 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1048,12 +1048,12 @@ Field Name | Type | Description In order to support common ways of serializing simple parameters, a set of `style` values are defined. -`style` | [`type`](#dataTypes) | `in` | Comments +`style` | [`type`](#dataTypes) | `in` | Comments ----------- | ------ | -------- | -------- -matrix | `primitive`, `array`, `object` | `path` | Path-style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.7) -label | `primitive`, `array`, `object` | `path` | Label style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.5) -form | `primitive`, `array`, `object` | `query`, `cookie` | Form style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.8). This option replaces `collectionFormat` with a `csv` (when `explode` is false) or `multi` (when `explode` is true) value from OpenAPI 2.0. -simple | `primitive`, `array`, `object` | `path`, `header` | Simple style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.2). This option replaces `collectionFormat` with a `csv` value from OpenAPI 2.0. +matrix | `primitive`, `array`, `object` | `path` | Path-style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.7) +label | `primitive`, `array`, `object` | `path` | Label style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.5) +simple | `primitive`, `array`, `object` | `path`, `header` | Simple style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.2). This option replaces `collectionFormat` with a `csv` value from OpenAPI 2.0. +form | `primitive`, `array`, `object` | `query`, `cookie` | Form style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.8). This option replaces `collectionFormat` with a `csv` (when `explode` is false) or `multi` (when `explode` is true) value from OpenAPI 2.0. spaceDelimited | `array`, `object` | `query` | Space separated array values or object properties and values. This option replaces `collectionFormat` equal to `ssv` from OpenAPI 2.0. pipeDelimited | `array`, `object` | `query` | Pipe separated array values or object properties and values. This option replaces `collectionFormat` equal to `pipes` from OpenAPI 2.0. deepObject | `object` | `query` | Provides a simple way of rendering nested objects using form parameters. @@ -1074,12 +1074,12 @@ The following table shows examples of rendering differences for each value. ----------- | ------ | -------- | -------- | -------- | ------- matrix | false | ;color | ;color=blue | ;color=blue,black,brown | ;color=R,100,G,200,B,150 matrix | true | ;color | ;color=blue | ;color=blue;color=black;color=brown | ;R=100;G=200;B=150 -label | false | . | .blue | .blue,black,brown | .R,100,G,200,B,150 -label | true | . | .blue | .blue.black.brown | .R=100.G=200.B=150 -form | false | color= | color=blue | color=blue,black,brown | color=R,100,G,200,B,150 -form | true | color= | color=blue | color=blue&color=black&color=brown | R=100&G=200&B=150 +label | false | . | .blue | .blue,black,brown | .R,100,G,200,B,150 +label | true | . | .blue | .blue.black.brown | .R=100.G=200.B=150 simple | false | n/a | blue | blue,black,brown | R,100,G,200,B,150 simple | true | n/a | blue | blue,black,brown | R=100,G=200,B=150 +form | false | color= | color=blue | color=blue,black,brown | color=R,100,G,200,B,150 +form | true | color= | color=blue | color=blue&color=black&color=brown | R=100&G=200&B=150 spaceDelimited | false | n/a | n/a | blue%20black%20brown | R%20100%20G%20200%20B%20150 pipeDelimited | false | n/a | n/a | blue\|black\|brown | R\|100\|G\|200\|B\|150 deepObject | true | n/a | n/a | n/a | color[R]=100&color[G]=200&color[B]=150 From aace8d62543a1d5f0baed31d44ad7a9bad919a46 Mon Sep 17 00:00:00 2001 From: Henry Andrews Date: Thu, 25 Apr 2024 14:01:14 -0700 Subject: [PATCH 034/251] Explain how maxLength applies to raw binary Co-authored-by: Ralf Handl --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 318fddddfe..86eb5a48b7 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -171,7 +171,7 @@ Two formats, `binary` and `byte`, describe different ways to work with binary da * `binary` is used where unencoded binary data is allowed, such as when sending a binary payload as an HTTP message body, or as part of a `multipart/*` payload that allows binary parts * `byte` is used where binary data is embedded in a text-only format such as `application/json` or `application/x-www-form-urlencoded` -The `maxLength` keyword can be used to set an upper bound on the length of a binary payload; otherwise, a binary payload SHOULD be interpreted as a stream of indeterminate length. +The `maxLength` keyword can be used to set an upper bound on the length (in octets) of a binary payload; otherwise, a binary payload SHOULD be interpreted as a stream of indeterminate length. Note that the encoding indicated by `byte`, which inflates the size of data in order to represent it as 7-bit ASCII text, is unrelated to HTTP's `Content-Encoding` header, which indicates whether and how a message body has been compressed. From 0c4aef71edd80c3ae6a35c36a28fda14bed8150e Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Fri, 26 Apr 2024 09:22:15 -0700 Subject: [PATCH 035/251] Include streaming string data, other wording improvements. --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 86eb5a48b7..cc53550d85 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -171,7 +171,7 @@ Two formats, `binary` and `byte`, describe different ways to work with binary da * `binary` is used where unencoded binary data is allowed, such as when sending a binary payload as an HTTP message body, or as part of a `multipart/*` payload that allows binary parts * `byte` is used where binary data is embedded in a text-only format such as `application/json` or `application/x-www-form-urlencoded` -The `maxLength` keyword can be used to set an upper bound on the length (in octets) of a binary payload; otherwise, a binary payload SHOULD be interpreted as a stream of indeterminate length. +The `maxLength` keyword MAY be used to set an expected upper bound on the length of a streaming payload. The keyword can be applied to either string data, including encoded binary data, or to unencoded binary data. For unencoded binary, the length is the number of octets. Note that the encoding indicated by `byte`, which inflates the size of data in order to represent it as 7-bit ASCII text, is unrelated to HTTP's `Content-Encoding` header, which indicates whether and how a message body has been compressed. From 3abface75f1243d6b87b53bf12bd38f2d55ae0ab Mon Sep 17 00:00:00 2001 From: Lorna Mitchell Date: Wed, 1 May 2024 08:49:38 +0100 Subject: [PATCH 036/251] Backport case insensitivity note for security schemes from #2644 into v3.0.4 --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 9d6038de27..b2f7abacfc 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -3208,7 +3208,7 @@ Field Name | Type | Applies To | Description description | `string` | Any | A short description for security scheme. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. name | `string` | `apiKey` | **REQUIRED**. The name of the header, query or cookie parameter to be used. in | `string` | `apiKey` | **REQUIRED**. The location of the API key. Valid values are `"query"`, `"header"` or `"cookie"`. -scheme | `string` | `http` | **REQUIRED**. The name of the HTTP Authorization scheme to be used in the [Authorization header as defined in RFC7235](https://tools.ietf.org/html/rfc7235#section-5.1). The values used SHOULD be registered in the [IANA Authentication Scheme registry](https://www.iana.org/assignments/http-authschemes/http-authschemes.xhtml). +scheme | `string` | `http` | **REQUIRED**. The name of the HTTP Authorization scheme to be used in the [Authorization header as defined in RFC7235](https://tools.ietf.org/html/rfc7235#section-5.1). The values used SHOULD be registered in the [IANA Authentication Scheme registry](https://www.iana.org/assignments/http-authschemes/http-authschemes.xhtml). The value is case-insensitive. bearerFormat | `string` | `http` (`"bearer"`) | A hint to the client to identify how the bearer token is formatted. Bearer tokens are usually generated by an authorization server, so this information is primarily for documentation purposes. flows | [OAuth Flows Object](#oauthFlowsObject) | `oauth2` | **REQUIRED**. An object containing configuration information for the flow types supported. openIdConnectUrl | `string` | `openIdConnect` | **REQUIRED**. OpenId Connect URL to discover OAuth2 configuration values. This MUST be in the form of a URL. From d40bf2bed62da1d36890ec490228e00573aaf3b1 Mon Sep 17 00:00:00 2001 From: Lorna Mitchell Date: Wed, 1 May 2024 09:31:36 +0100 Subject: [PATCH 037/251] Backport a clarification about deepObject to 3.0.4 --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 9d6038de27..87c01df1c7 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1058,7 +1058,7 @@ simple | `primitive`, `array`, `object` | `path`, `header` | Simple style parame form | `primitive`, `array`, `object` | `query`, `cookie` | Form style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.8). This option replaces `collectionFormat` with a `csv` (when `explode` is false) or `multi` (when `explode` is true) value from OpenAPI 2.0. spaceDelimited | `array`, `object` | `query` | Space separated array values or object properties and values. This option replaces `collectionFormat` equal to `ssv` from OpenAPI 2.0. pipeDelimited | `array`, `object` | `query` | Pipe separated array values or object properties and values. This option replaces `collectionFormat` equal to `pipes` from OpenAPI 2.0. -deepObject | `object` | `query` | Provides a simple way of rendering nested objects using form parameters. +deepObject | `object` | `query` | Allows objects with scalar properties to be represented using form parameters. The representation of array or object properties is not defined. The behavior of applying a style that uses a delimiter to data containing that delimiter is not defined, and is therefore NOT RECOMMENDED. To ensure interoperability, any such delimiter characters need to be escaped prior to serializing with the style, and unescaped after parsing. In the case of `spaceDelimited`, care must be taken to avoid confusing interactions with URL parameter encoding of spaces. From 011010155fd32ee3f45815189406cc90a31c993f Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Fri, 3 May 2024 11:45:48 -0700 Subject: [PATCH 038/251] Define "undefined" and "implementation-defined" (3.0.4) Undefined means "don't use this even if it seems to work, as there are cases where it won't." Implementation-defined means "this isn't portable or interoperable, but it is still correct." --- versions/3.0.4.md | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 1a013759b5..cc83fbdfb5 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -96,6 +96,19 @@ Some examples of possible media type definitions: The HTTP Status Codes are used to indicate the status of the executed operation. Status codes SHOULD be selected from the available status codes registered in the [IANA Status Code Registry](https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml). +##### Undefined and Implementation-Defined Behavior + +This specification deems certain situations to have either _undefined_ or _implementation-defined_ behavior. + +Behavior described as _undefined_ is likely, at least in some circumstances, to contradict the specification. +This description is used when detecting the contradiction is impossible or impractical. +Implementations MAY support undefined scenarios for historical reasons, including ambiguous text in prior versions of the specification. +This support might produce correct outcomes in many cases, but relying on it is NOT RECOMMENDED as there is no guarantee that it will work across all tools or with future specification versions, even if those versions are otherwise strictly compatible with this one. + +Behavior described as _implementation-defined_ allows implementations to choose which of several different-but-compliant approaches to a requirement to implement. +This documents ambiguous requirements that API description authors are RECOMMENDED to avoid in order to maximize interoperability. +Unlike undefined behavior, it is safe to rely on implementation-defined behavior if _and only if_ it can be guaranteed that all relevant tools support the same behavior. + ## Specification ### Versions @@ -147,7 +160,7 @@ Models are defined using the [Schema Object](#schemaObject), which is an extende Primitives have an optional modifier property: `format`. OAS uses several known formats to define in fine detail the data type being used. However, to support documentation needs, the `format` property is an open `string`-valued property, and can have any value. -Formats such as `"email"`, `"uuid"`, and so on, MAY be used even though undefined by this specification. +Formats such as `"email"`, `"uuid"`, and so on, MAY be used even though they are not defined by this specification. Types that are not accompanied by a `format` property follow the type definition in the JSON Schema. Tools that do not recognize a specific `format` MAY default back to the `type` alone, as if the `format` is not specified. The formats defined by the OAS are: From 0eccb527d08c3b72c91802d3108f31c27d0765da Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Fri, 26 Apr 2024 13:02:31 -0700 Subject: [PATCH 039/251] Clarify constraints on Parameter Object fields This makes the relational requirements of `content` vs `schema` and associated fields more clear. The mutual exclusivity requirement is moved up to the top of the Fixed Fields section, and each table table is given a subsection clarifying its meaning. This makes it easier to follow the multi-table format, which is unusual within the OAS. The commentary on `example` and `examples` is moved to the section on `schema` and related parameters as it appears to only apply in that case. --- versions/3.0.4.md | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 0ddae3b85c..32c6cecc0d 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1016,6 +1016,14 @@ There are four possible parameter locations specified by the `in` field: ##### Fixed Fields + +The rules for serialization of the parameter are specified in one of two ways. +Parameter Objects MUST include either a `content` field or a `schema` field, but not both. + +###### Common Fixed Fields + +These fields MAY be used with either `content` or `schema`. + Field Name | Type | Description ---|:---:|--- name | `string` | **REQUIRED**. The name of the parameter. Parameter names are *case sensitive*.
  • If [`in`](#parameterIn) is `"path"`, the `name` field MUST correspond to a template expression occurring within the [path](#pathsPath) field in the [Paths Object](#pathsObject). See [Path Templating](#pathTemplating) for further information.
  • If [`in`](#parameterIn) is `"header"` and the `name` field is `"Accept"`, `"Content-Type"` or `"Authorization"`, the parameter definition SHALL be ignored.
  • For all other cases, the `name` corresponds to the parameter name used by the [`in`](#parameterIn) property.
@@ -1025,8 +1033,10 @@ Field Name | Type | Description deprecated | `boolean` | Specifies that a parameter is deprecated and SHOULD be transitioned out of usage. Default value is `false`. allowEmptyValue | `boolean` | Sets the ability to pass empty-valued parameters. This is valid only for `query` parameters and allows sending a parameter with an empty value. Default value is `false`. If [`style`](#parameterStyle) is used, and if behavior is `n/a` (cannot be serialized), the value of `allowEmptyValue` SHALL be ignored. Use of this property is NOT RECOMMENDED, as it is likely to be removed in a later revision. -The rules for serialization of the parameter are specified in one of two ways. +###### Fixed Fields for use with `schema` + For simpler scenarios, a [`schema`](#parameterSchema) and [`style`](#parameterStyle) can describe the structure and syntax of the parameter. +When `example` or `examples` are provided in conjunction with the `schema` object, the example MUST follow the prescribed serialization strategy for the parameter. Field Name | Type | Description ---|:---:|--- @@ -1037,10 +1047,9 @@ Field Name | Type | Description example | Any | Example of the parameter's potential value. The example SHOULD match the specified schema and encoding properties if present. The `example` field is mutually exclusive of the `examples` field. Furthermore, if referencing a `schema` that contains an example, the `example` value SHALL _override_ the example provided by the schema. To represent examples of media types that cannot naturally be represented in JSON or YAML, a string value can contain the example with escaping where necessary. examples | Map[ `string`, [Example Object](#exampleObject) \| [Reference Object](#referenceObject)] | Examples of the parameter's potential value. Each example SHOULD contain a value in the correct format as specified in the parameter encoding. The `examples` field is mutually exclusive of the `example` field. Furthermore, if referencing a `schema` that contains an example, the `examples` value SHALL _override_ the example provided by the schema. -For more complex scenarios, the [`content`](#parameterContent) property can define the media type and schema of the parameter. -A parameter MUST contain either a `schema` property, or a `content` property, but not both. -When `example` or `examples` are provided in conjunction with the `schema` object, the example MUST follow the prescribed serialization strategy for the parameter. +###### Fixed Fields and considerations for use with `content` +For more complex scenarios, the [`content`](#parameterContent) property can define the media type and schema of the parameter, as well as give examples of it use. Field Name | Type | Description ---|:---:|--- From b6f44daba609a689138f5fecd37380498d32966e Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Tue, 7 May 2024 16:45:05 +0200 Subject: [PATCH 040/251] Sync .gitignore from main --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index 88e134ab28..a19835db8f 100644 --- a/.gitignore +++ b/.gitignore @@ -5,4 +5,6 @@ target atlassian-ide-plugin.xml node_modules/ +deploy/ +history Gemfile.lock From d5fccc55fcc8c9055e42f510e4f04e259afad10d Mon Sep 17 00:00:00 2001 From: Henry Andrews Date: Wed, 8 May 2024 07:39:41 -0700 Subject: [PATCH 041/251] Review feedback from notEthan and ralfhandl Co-authored-by: Ralf Handl --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index cc83fbdfb5..a02364069d 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -100,7 +100,7 @@ Status codes SHOULD be selected from the available status codes registered in th This specification deems certain situations to have either _undefined_ or _implementation-defined_ behavior. -Behavior described as _undefined_ is likely, at least in some circumstances, to contradict the specification. +Behavior described as _undefined_ is likely, at least in some circumstances, to result in outcomes that contradict the specification. This description is used when detecting the contradiction is impossible or impractical. Implementations MAY support undefined scenarios for historical reasons, including ambiguous text in prior versions of the specification. This support might produce correct outcomes in many cases, but relying on it is NOT RECOMMENDED as there is no guarantee that it will work across all tools or with future specification versions, even if those versions are otherwise strictly compatible with this one. From 48a953fb09361eccad3b8b997ab00a8b43b1f5d7 Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Tue, 14 May 2024 12:19:58 +0200 Subject: [PATCH 042/251] Link for case insensitivity of auth scheme and correct expansion of "auth" --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index f699703abf..2842b07e06 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -3230,7 +3230,7 @@ Field Name | Type | Applies To | Description description | `string` | Any | A short description for security scheme. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. name | `string` | `apiKey` | **REQUIRED**. The name of the header, query or cookie parameter to be used. in | `string` | `apiKey` | **REQUIRED**. The location of the API key. Valid values are `"query"`, `"header"` or `"cookie"`. -scheme | `string` | `http` | **REQUIRED**. The name of the HTTP Authorization scheme to be used in the [Authorization header as defined in RFC7235](https://tools.ietf.org/html/rfc7235#section-5.1). The values used SHOULD be registered in the [IANA Authentication Scheme registry](https://www.iana.org/assignments/http-authschemes/http-authschemes.xhtml). The value is case-insensitive. +scheme | `string` | `http` | **REQUIRED**. The name of the HTTP Authentication scheme to be used in the [Authorization header as defined in RFC7235](https://tools.ietf.org/html/rfc7235#section-5.1). The values used SHOULD be registered in the [IANA Authentication Scheme registry](https://www.iana.org/assignments/http-authschemes/http-authschemes.xhtml). The value is case-insensitive, as defined in [RFC7235](https://datatracker.ietf.org/doc/html/rfc7235#section-2.1). bearerFormat | `string` | `http` (`"bearer"`) | A hint to the client to identify how the bearer token is formatted. Bearer tokens are usually generated by an authorization server, so this information is primarily for documentation purposes. flows | [OAuth Flows Object](#oauthFlowsObject) | `oauth2` | **REQUIRED**. An object containing configuration information for the flow types supported. openIdConnectUrl | `string` | `openIdConnect` | **REQUIRED**. OpenId Connect URL to discover OAuth2 configuration values. This MUST be in the form of a URL. From c4482f3a4f2402448b725f0b009684610bd73fa2 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Tue, 14 May 2024 10:56:24 -0700 Subject: [PATCH 043/251] Fix "it" -> "its" typo This was missed in the 3.0.4 PR for this change, but caught in the 3.1.1 and 3.2.0 versions. --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index f699703abf..8869380606 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1062,7 +1062,7 @@ Field Name | Type | Description ###### Fixed Fields and considerations for use with `content` -For more complex scenarios, the [`content`](#parameterContent) property can define the media type and schema of the parameter, as well as give examples of it use. +For more complex scenarios, the [`content`](#parameterContent) property can define the media type and schema of the parameter, as well as give examples of its use. Field Name | Type | Description ---|:---:|--- From 8096aa0eb96bf9c1fe14c22fd931c2a79d012273 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Thu, 16 May 2024 11:30:27 -0700 Subject: [PATCH 044/251] Clarify allowEmptyValue -> disregard empty values This clarifies the meaning of `allowEmptyValue` as discussed in today'd TDC call. It is intended to indicate an agreement between the client and server to use zero-length string values as an indicator of unused fields. --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index b125dab467..1e3a779eae 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1044,7 +1044,7 @@ Field Name | Type | Description description | `string` | A brief description of the parameter. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. required | `boolean` | Determines whether this parameter is mandatory. If the [parameter location](#parameterIn) is `"path"`, this property is **REQUIRED** and its value MUST be `true`. Otherwise, the property MAY be included and its default value is `false`. deprecated | `boolean` | Specifies that a parameter is deprecated and SHOULD be transitioned out of usage. Default value is `false`. - allowEmptyValue | `boolean` | Sets the ability to pass empty-valued parameters. This is valid only for `query` parameters and allows sending a parameter with an empty value. Default value is `false`. If [`style`](#parameterStyle) is used, and if behavior is `n/a` (cannot be serialized), the value of `allowEmptyValue` SHALL be ignored. Use of this property is NOT RECOMMENDED, as it is likely to be removed in a later revision. + allowEmptyValue | `boolean` | If `true`, clients MAY pass a zero-length string value in place of parameters that would otherwise be omitted entirely, which the server SHOULD interpret as the parameter being unused. Default value is `false`. If [`style`](#parameterStyle) is used, and if behavior is `n/a` (cannot be serialized), the value of `allowEmptyValue` SHALL be ignored. Interactions between this field and the parameter's [Schema Object](#schemaObject) are implementation-defined. This field is valid only for `query` parameters. Use of this property is NOT RECOMMENDED, and it is likely to be removed in a later revision. ###### Fixed Fields for use with `schema` From 32c92aad7e3b36fbf86d57eee178345d1fa97945 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Sat, 20 Apr 2024 20:44:52 -0700 Subject: [PATCH 045/251] Limit interoperable parsing expectations As discovered through the OASComply project, certain referencing scenarios are ambiguous, with different authorities holding contradictory interpretations regarding whether and how they are to be supported. As a result, it is impossible to define compliance, as all of the interpretations can be argued to be "correct" in some sense. This change excludes some particularly challenging scenarios from compliance testing by making their behavior explicitly implementation-defined. This has several benefits: * No current implementation is rendered non-compliant * No currently usable OAD is rendered invalid * New implementers need not put effort into handling these scenarios * User expectations are set to _not_ expect consistent behavior * Linters can write a rule to match these expectations * Everyone is guided towards straightforwad best practices Includes substantially better wording from ralfhandl from review comments for the 3.1.1 version of this change. Co-authored-by: Ralf Handl --- versions/3.0.4.md | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index b125dab467..d56ec0b108 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -146,10 +146,20 @@ In order to preserve the ability to round-trip between YAML and JSON formats, YA ### OpenAPI Description Structure -An OpenAPI Description MAY be made up of a single document or be divided into multiple, connected parts at the discretion of the author. In the latter case, `$ref` fields MUST be used in the specification to reference those parts as follows from the [JSON Schema](https://json-schema.org) definitions. In a multi-document description, the document containing the [OpenAPI Object](#oasObject) is known as the **entry OpenAPI document.** +An OpenAPI Description (OAD) MAY be made up of a single document or be divided into multiple, connected parts at the discretion of the author. In the latter case, [Reference Object](#referenceObject), [Path Item Object](#pathItemObject) and [Schema Object](#schemaObject) `$ref` keywords, as well as the [Link Object](#linkObject) `operationRef` keyword, are used. In a multi-document description, the document containing the [OpenAPI Object](#oasObject) is known as the **entry OpenAPI document.** It is RECOMMENDED that the entry OpenAPI document be named: `openapi.json` or `openapi.yaml`. +#### Structural Interoperability + +When parsing an OAD, JSON or YAML objects are parsed into specific Objects (such as [Operation Objects](#operationObject), [Response Objects](#responseObject), [Reference Objects](#referenceObject), etc.) based on the parsing context. Depending on how references are arranged, a given JSON or YAML object can be parsed in multiple different contexts: + +* As a full OpenAPI Description document (an [OpenAPI Object](#oasObject) taking up an entire document) +* As the Object type implied by its parent Object within the document +* As a reference target, with the Object type matching the reference source's context + +If the same JSON/YAML object is parsed multiple times and the respective contexts require it to be parsed as _different_ Object types, the resulting behavior is _implementation defined_, and MAY be treated as an error if detected. An example would be referencing an empty Schema Object under `#/components/schemas` where a Path Item Object is expected, as an empty object is valid for both types. For maximum interoperability, it is RECOMMENDED that OpenAPI Description authors avoid such scenarios. + ### Data Types Primitive data types in the OAS are based on the types supported by the [JSON Schema Specification Wright Draft 00](https://tools.ietf.org/html/draft-wright-json-schema-00#section-4.2). From 5573dc6e544c2101204803cae13b0039b9b1364a Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Thu, 16 May 2024 11:59:49 -0700 Subject: [PATCH 046/251] Schema Object does not have $ref in 3.0 --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index d56ec0b108..7b1845c06d 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -146,7 +146,7 @@ In order to preserve the ability to round-trip between YAML and JSON formats, YA ### OpenAPI Description Structure -An OpenAPI Description (OAD) MAY be made up of a single document or be divided into multiple, connected parts at the discretion of the author. In the latter case, [Reference Object](#referenceObject), [Path Item Object](#pathItemObject) and [Schema Object](#schemaObject) `$ref` keywords, as well as the [Link Object](#linkObject) `operationRef` keyword, are used. In a multi-document description, the document containing the [OpenAPI Object](#oasObject) is known as the **entry OpenAPI document.** +An OpenAPI Description (OAD) MAY be made up of a single document or be divided into multiple, connected parts at the discretion of the author. In the latter case, [Reference Object](#referenceObject) and [Path Item Object](#pathItemObject) `$ref` keywords, as well as the [Link Object](#linkObject) `operationRef` keyword, are used. In a multi-document description, the document containing the [OpenAPI Object](#oasObject) is known as the **entry OpenAPI document.** It is RECOMMENDED that the entry OpenAPI document be named: `openapi.json` or `openapi.yaml`. From 7e3b58bb53db34cb8a10a2705c28020282eeb71e Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Sun, 19 May 2024 11:42:51 -0700 Subject: [PATCH 047/251] Clarify discriminator + oneOf/anyOf/allOf usage (3.0.4) This moves some guidance up to the fixed fields section where it is more obvious, and explicitly designates other configurations as having undefined behavior. --- versions/3.0.4.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index b125dab467..1707fe8059 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -2744,7 +2744,11 @@ Field Name | Type | Description propertyName | `string` | **REQUIRED**. The name of the property in the payload that will hold the discriminator value. mapping | Map[`string`, `string`] | An object to hold mappings between payload values and schema names or references. -The discriminator object is legal only when using one of the composite keywords `oneOf`, `anyOf`, `allOf`. Note that because the discriminating property's value is used as a component name and/or as the key in the `mapping` object, the behavior of any value that is not a string is undefined. +The discriminator object is legal only when using one of the composite keywords `oneOf`, `anyOf`, `allOf`. +In both the `oneOf` and `anyOf` use cases, where those keywords are adjacent to `discriminator`, all possible schemas MUST be listed explicitly. +To avoid redundancy, the discriminator MAY be added to a parent schema definition, and all schemas comprising the parent schema in an `allOf` construct may be used as an alternate schema. +The behavior of any other configuration of `oneOf`, `anyOf`, `allOf` and `discriminator` is undefined. +Note also that because the discriminating property's value is used as a component name and/or as the key in the `mapping` object, the behavior of any value that is not a string is undefined. In OAS 3.0, a response payload MAY be described to be exactly one of any number of types: @@ -2800,9 +2804,7 @@ Here the discriminator _value_ of `dog` will map to the schema `#/components/sch When used in conjunction with the `anyOf` construct, the use of the discriminator can avoid ambiguity where multiple schemas may satisfy a single payload. -In both the `oneOf` and `anyOf` use cases, all possible schemas MUST be listed explicitly. To avoid redundancy, the discriminator MAY be added to a parent schema definition, and all schemas comprising the parent schema in an `allOf` construct may be used as an alternate schema. - -For example: +This example shows the `allOf` usage, which avoids needing to reference all child schemas in the parent: ```yaml components: From 0bb754129f3e84d44fe85303f372efc9d0de453a Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Mon, 20 May 2024 17:43:54 -0700 Subject: [PATCH 048/251] More discriminator guidance consolidation This creates subsections to organize the different topics, pulls key guidance out of the examples and up into those sections, and provides clarification on the ambiguity of names and URIs. --- versions/3.0.4.md | 30 ++++++++++++++++++++++-------- 1 file changed, 22 insertions(+), 8 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 1707fe8059..e8f384cc71 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -2734,21 +2734,35 @@ components: #### Discriminator Object -When request bodies or response payloads may be one of a number of different schemas, a `discriminator` object can be used to aid in serialization, deserialization, and validation. The discriminator is a specific object in a schema which is used to inform the consumer of the specification of an alternative schema based on the value associated with it. - -When using the discriminator, _inline_ schemas will not be considered. +When request bodies or response payloads may be one of a number of different schemas, a Discriminator Object can be used to aid in serialization, deserialization, and validation. +It does this by implicitly or explicitly associating the possible values of a named property with alternative schemas. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- propertyName | `string` | **REQUIRED**. The name of the property in the payload that will hold the discriminator value. - mapping | Map[`string`, `string`] | An object to hold mappings between payload values and schema names or references. + mapping | Map[`string`, `string`] | An object to hold mappings between payload values and schema names or URI references. -The discriminator object is legal only when using one of the composite keywords `oneOf`, `anyOf`, `allOf`. +##### Conditions for Using the Discriminator Object +The Discriminator Object is legal only when using one of the composite keywords `oneOf`, `anyOf`, `allOf`. In both the `oneOf` and `anyOf` use cases, where those keywords are adjacent to `discriminator`, all possible schemas MUST be listed explicitly. To avoid redundancy, the discriminator MAY be added to a parent schema definition, and all schemas comprising the parent schema in an `allOf` construct may be used as an alternate schema. -The behavior of any other configuration of `oneOf`, `anyOf`, `allOf` and `discriminator` is undefined. -Note also that because the discriminating property's value is used as a component name and/or as the key in the `mapping` object, the behavior of any value that is not a string is undefined. +It is implementation-defined as to whether all named [Schema Objects](#schemaObject) under the [Components Object](#componentsObject), or only those that are otherwise directly referenced are searched for matching `allOf` references. +However, it is RECOMMENDED to search all named schemas in the Components Object because it is common with the `allOf` usage for other parts of the API to only directly reference the parent schema (that contains the `discriminator`). + +The behavior of any configuration of `oneOf`, `anyOf`, `allOf` and `discriminator` that is not described above is undefined. + +##### Options for Mapping Values to Schemas +The value of the property named in `propertyName` is is used as the name of the associated schema under the [Components Object](#componentsObject), _unless_ a `mapping` is present for that value. +The `mapping` entry maps a specific property value to either a different schema component name, or to a schema identified by a URI. +When using implicit or explicit schema component names, inline `oneOf` or `anyOf` subschemas are not considered. +The behavior of a `mapping` value that is both a valid schema name and a valid relative URI reference is implementation-defined, but it is RECOMMENDED that it be treated as a schema name. +To ensure that an ambiguous value (e.g. `"foo"`) is treated as a relative URI reference by all implementations, authors MUST prefix it with the `"."` path segment (e.g. `"./foo"`). + +Mapping keys MUST be string values, but tooling MAY convert response values to strings for comparison. +However, the exact nature of such conversions are implementation-defined. + +##### Examples In OAS 3.0, a response payload MAY be described to be exactly one of any number of types: @@ -2800,7 +2814,7 @@ MyResponseType: monster: https://gigantic-server.com/schemas/Monster/schema.json ``` -Here the discriminator _value_ of `dog` will map to the schema `#/components/schemas/Dog`, rather than the default (implicit) value of `Dog`. If the discriminator _value_ does not match an implicit or explicit mapping, no schema can be determined and validation SHOULD fail. Mapping keys MUST be string values, but tooling MAY convert response values to strings for comparison. +Here the discriminator _value_ of `dog` will map to the schema `#/components/schemas/Dog`, rather than the default (implicit) value of `Dog`. If the discriminator _value_ does not match an implicit or explicit mapping, no schema can be determined and validation SHOULD fail. When used in conjunction with the `anyOf` construct, the use of the discriminator can avoid ambiguity where multiple schemas may satisfy a single payload. From 63d56f549670644d613e4d0bb04f8bc9248a821e Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Mon, 20 May 2024 21:06:58 -0700 Subject: [PATCH 049/251] More wording improvements for discriminator. --- versions/3.0.4.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index e8f384cc71..25a71d0b5c 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -2734,8 +2734,7 @@ components: #### Discriminator Object -When request bodies or response payloads may be one of a number of different schemas, a Discriminator Object can be used to aid in serialization, deserialization, and validation. -It does this by implicitly or explicitly associating the possible values of a named property with alternative schemas. +When request bodies or response payloads may be one of a number of different schemas, a Discriminator Object can be used to aid in serialization, deserialization, and validation by implicitly or explicitly associating the possible values of a named property with alternative schemas. ##### Fixed Fields Field Name | Type | Description @@ -2746,9 +2745,9 @@ Field Name | Type | Description ##### Conditions for Using the Discriminator Object The Discriminator Object is legal only when using one of the composite keywords `oneOf`, `anyOf`, `allOf`. In both the `oneOf` and `anyOf` use cases, where those keywords are adjacent to `discriminator`, all possible schemas MUST be listed explicitly. -To avoid redundancy, the discriminator MAY be added to a parent schema definition, and all schemas comprising the parent schema in an `allOf` construct may be used as an alternate schema. -It is implementation-defined as to whether all named [Schema Objects](#schemaObject) under the [Components Object](#componentsObject), or only those that are otherwise directly referenced are searched for matching `allOf` references. -However, it is RECOMMENDED to search all named schemas in the Components Object because it is common with the `allOf` usage for other parts of the API to only directly reference the parent schema (that contains the `discriminator`). +To avoid redundancy, the discriminator MAY be added to a parent schema definition, and all schemas building on the parent schema via an `allOf` construct may be used as an alternate schema. +It is implementation-defined as to whether all named [Schema Objects](#schemaObject) under the [Components Object](#componentsObject), or only those that are otherwise directly referenced are searched for `allOf` references to the parent schema. +However, it is RECOMMENDED to search all named schemas in the Components Object because it is common with the `allOf` usage for other parts of the API to only directly reference the parent schema. The behavior of any configuration of `oneOf`, `anyOf`, `allOf` and `discriminator` that is not described above is undefined. From f3343c1cc1d7cc0ff4092cdccf012fc9fa809583 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Sun, 19 May 2024 07:17:42 -0700 Subject: [PATCH 050/251] Clarify entry/complete document terminology (3.0.4) Clarifies that there can be multiple complete OpenAPI documents, only one of which is an entry OpenAPI document. --- versions/3.0.4.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index c3c02b1f0e..b303a8b0ac 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -146,7 +146,10 @@ In order to preserve the ability to round-trip between YAML and JSON formats, YA ### OpenAPI Description Structure -An OpenAPI Description (OAD) MAY be made up of a single document or be divided into multiple, connected parts at the discretion of the author. In the latter case, [Reference Object](#referenceObject) and [Path Item Object](#pathItemObject) `$ref` keywords, as well as the [Link Object](#linkObject) `operationRef` keyword, are used. In a multi-document description, the document containing the [OpenAPI Object](#oasObject) is known as the **entry OpenAPI document.** +An OpenAPI Description (OAD) MAY be made up of a single document or be divided into multiple, connected parts at the discretion of the author. In the latter case, [Reference Object](#referenceObject) and [Path Item Object](#pathItemObject) `$ref` keywords, as well as the [Link Object](#linkObject) `operationRef` keyword, are used. + +Any document consisting entirely of an OpenAPI Object is known as a **complete OpenAPI document**. +In a multi-document description, the document containing the [OpenAPI Object](#oasObject) where parsing begins for a specific API's description is known as that API's **entry OpenAPI document**, or simply **entry document**. It is RECOMMENDED that the entry OpenAPI document be named: `openapi.json` or `openapi.yaml`. From 4a46b20c451de02e5dee9974fbcbb9be24098d10 Mon Sep 17 00:00:00 2001 From: Henry Andrews Date: Thu, 23 May 2024 09:17:22 -0700 Subject: [PATCH 051/251] Only one "is" is necessary (review feedback) Co-authored-by: Mike Kistler --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 25a71d0b5c..1f10f510ef 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -2752,7 +2752,7 @@ However, it is RECOMMENDED to search all named schemas in the Components Object The behavior of any configuration of `oneOf`, `anyOf`, `allOf` and `discriminator` that is not described above is undefined. ##### Options for Mapping Values to Schemas -The value of the property named in `propertyName` is is used as the name of the associated schema under the [Components Object](#componentsObject), _unless_ a `mapping` is present for that value. +The value of the property named in `propertyName` is used as the name of the associated schema under the [Components Object](#componentsObject), _unless_ a `mapping` is present for that value. The `mapping` entry maps a specific property value to either a different schema component name, or to a schema identified by a URI. When using implicit or explicit schema component names, inline `oneOf` or `anyOf` subschemas are not considered. The behavior of a `mapping` value that is both a valid schema name and a valid relative URI reference is implementation-defined, but it is RECOMMENDED that it be treated as a schema name. From 6a0ed25d96fb709b4533f6fde540717f82aa2e30 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Thu, 23 May 2024 18:10:00 -0700 Subject: [PATCH 052/251] Clarify Link Obj parameters as best we can (3.0.4) This acknowledges the ambiguity in the key and value syntax of the Link Object's `parameter` field, and provides a bit of guidance on how to implement it. Sadly it is not possible to fully solve in a point release. --- versions/3.0.4.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 12b2375a79..0720ad67a8 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -2073,7 +2073,7 @@ Field Name | Type | Description ---|:---:|--- operationRef | `string` | A relative or absolute URI reference to an OAS operation. This field is mutually exclusive of the `operationId` field, and MUST point to an [Operation Object](#operationObject). Relative `operationRef` values MAY be used to locate an existing [Operation Object](#operationObject) in the OpenAPI definition. operationId | `string` | The name of an _existing_, resolvable OAS operation, as defined with a unique `operationId`. This field is mutually exclusive of the `operationRef` field. -parameters | Map[`string`, Any \| [{expression}](#runtimeExpression)] | A map representing parameters to pass to an operation as specified with `operationId` or identified via `operationRef`. The key is the parameter name to be used, whereas the value can be a constant or an expression to be evaluated and passed to the linked operation. The parameter name can be qualified using the [parameter location](#parameterIn) `[{in}.]{name}` for operations that use the same parameter name in different locations (e.g. path\.id). +parameters | Map[`string`, Any \| [{expression}](#runtimeExpression)] | A map representing parameters to pass to an operation as specified with `operationId` or identified via `operationRef`. The key is the parameter name to be used (optionally qualified with the parameter location, e.g. `path.id` for an `id` parameter in the path), whereas the value can be a constant or an expression to be evaluated and passed to the linked operation. requestBody | Any \| [{expression}](#runtimeExpression) | A literal value or [{expression}](#runtimeExpression) to use as a request body when calling the target operation. description | `string` | A description of the link. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. server | [Server Object](#serverObject) | A server object to be used by the target operation. @@ -2085,6 +2085,9 @@ In the case of an `operationId`, it MUST be unique and resolved in the scope of Because of the potential for name clashes, the `operationRef` syntax is preferred for specifications with external references. +Note that it is not possible to provide a constant value to `parameters` that matches the syntax of a runtime expression. +It is possible to have an ambiguous parameter names, e.g. `name: id, in: path` and `name: path.id, in: query`; this is NOT RECOMMENDED and the behavior is implementation-defined, however implementations SHOULD prefer the qualified interpretation (`path.id` as a path parameter), as the names can always be qualified to disambiguate them (e.g. using `query.path.id` for the query paramter). +I ##### Examples Computing a link from a request operation where the `$request.path.id` is used to pass a request parameter to the linked operation. From abd448521ec6fbfbfa1306a9d6612b30b3acd7cd Mon Sep 17 00:00:00 2001 From: Henry Andrews Date: Fri, 24 May 2024 12:15:23 -0700 Subject: [PATCH 053/251] Fix grammar (review feedback) Co-authored-by: Ralf Handl --- versions/3.0.4.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 0720ad67a8..cb9427d708 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -2086,8 +2086,8 @@ Because of the potential for name clashes, the `operationRef` syntax is preferre for specifications with external references. Note that it is not possible to provide a constant value to `parameters` that matches the syntax of a runtime expression. -It is possible to have an ambiguous parameter names, e.g. `name: id, in: path` and `name: path.id, in: query`; this is NOT RECOMMENDED and the behavior is implementation-defined, however implementations SHOULD prefer the qualified interpretation (`path.id` as a path parameter), as the names can always be qualified to disambiguate them (e.g. using `query.path.id` for the query paramter). -I +It is possible to have ambiguous parameter names, e.g. `name: id, in: path` and `name: path.id, in: query`; this is NOT RECOMMENDED and the behavior is implementation-defined, however implementations SHOULD prefer the qualified interpretation (`path.id` as a path parameter), as the names can always be qualified to disambiguate them (e.g. using `query.path.id` for the query paramter). + ##### Examples Computing a link from a request operation where the `$request.path.id` is used to pass a request parameter to the linked operation. From 1bfe6c3b0da6db9adbb73949ab31eae59b026121 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Mon, 6 May 2024 18:53:10 -0700 Subject: [PATCH 054/251] Explain allowReserved in RFC6570 terms This aligns allowReserved with style by similarly correlating it with RFC6570 operators. This will make it easier to write a more in-depth explanation of the process in an appendix. --- versions/3.0.4.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 12b2375a79..198f177c4c 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1068,7 +1068,7 @@ Field Name | Type | Description ---|:---:|--- style | `string` | Describes how the parameter value will be serialized depending on the type of the parameter value. Default values (based on value of `in`): for `query` - `form`; for `path` - `simple`; for `header` - `simple`; for `cookie` - `form`. explode | `boolean` | When this is true, parameter values of type `array` or `object` generate separate parameters for each value of the array or key-value pair of the map. For other types of parameters this property has no effect. When [`style`](#parameterStyle) is `form`, the default value is `true`. For all other styles, the default value is `false`. -allowReserved | `boolean` | Determines whether the parameter value SHOULD allow reserved characters, as defined by [RFC3986](https://tools.ietf.org/html/rfc3986#section-2.2) `:/?#[]@!$&'()*+,;=` to be included without percent-encoding. This property only applies to parameters with an `in` value of `query`. The default value is `false`. +allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#autoid-20), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#autoid-13), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are not allowed in the query string, or have a meaning other than their literal value (e.g. `+` as an escape for the space character in `application/x-www-form-urlencoded` query strings). This property only applies to parameters with an `in` value of `query`. The default value is `false`. schema | [Schema Object](#schemaObject) \| [Reference Object](#referenceObject) | The schema defining the type used for the parameter. example | Any | Example of the parameter's potential value. The example SHOULD match the specified schema and encoding properties if present. The `example` field is mutually exclusive of the `examples` field. Furthermore, if referencing a `schema` that contains an example, the `example` value SHALL _override_ the example provided by the schema. To represent examples of media types that cannot naturally be represented in JSON or YAML, a string value can contain the example with escaping where necessary. examples | Map[ `string`, [Example Object](#exampleObject) \| [Reference Object](#referenceObject)] | Examples of the parameter's potential value. Each example SHOULD contain a value in the correct format as specified in the parameter encoding. The `examples` field is mutually exclusive of the `example` field. Furthermore, if referencing a `schema` that contains an example, the `examples` value SHALL _override_ the example provided by the schema. @@ -1618,7 +1618,7 @@ Field Name | Type | Description headers | Map[`string`, [Header Object](#headerObject) \| [Reference Object](#referenceObject)] | A map allowing additional information to be provided as headers, for example `Content-Disposition`. `Content-Type` is described separately and SHALL be ignored in this section. This property SHALL be ignored if the request body media type is not a `multipart`. style | `string` | Describes how a specific property value will be serialized depending on its type. See [Parameter Object](#parameterObject) for details on the [`style`](#parameterStyle) property. The behavior follows the same values as `query` parameters, including default values. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. explode | `boolean` | When this is true, property values of type `array` or `object` generate separate parameters for each value of the array, or key-value-pair of the map. For other types of properties this property has no effect. When [`style`](#encodingStyle) is `form`, the default value is `true`. For all other styles, the default value is `false`. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. -allowReserved | `boolean` | Determines whether the parameter value SHOULD allow reserved characters, as defined by [RFC3986](https://tools.ietf.org/html/rfc3986#section-2.2) `:/?#[]@!$&'()*+,;=` to be included without percent-encoding. The default value is `false`. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. +allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#autoid-20), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#autoid-13), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are not allowed in the query string, or have a meaning other than their literal value (e.g. `+` as an escape for the space character in `application/x-www-form-urlencoded` query strings). The default value is `false`. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. This object MAY be extended with [Specification Extensions](#specificationExtensions). From 52d3f6c0c21abf3e4a1ea92ebfe75cd4fb9dc7ca Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Mon, 13 May 2024 14:28:01 -0700 Subject: [PATCH 055/251] Appendix on RFC6570-derived behavior This is the one of several appendixes to be added to clarify the most obscure details of Parameter Object and Encoding Object serialization. This clarifies the correspondence between OAS fields and RFC6570 operators, and acknowledges that some field values and combinations do not have analogues. It provides further guidance for how to use RFC6570 implementations to support these configurations. This includes a SHOULD directive regarding using RFC6570 expansion with the non-RFC6570 styles, as the use of "explode" and "allowReserved" does not otherwise make any sense. It perhaps could be a MUST. Examples are included to show both typical usage, and how to work around the lack of exact RFC6570 equivalences for certain configurations. --- versions/3.0.4.md | 212 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 212 insertions(+) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 198f177c4c..71325313a4 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1073,6 +1073,8 @@ Field Name | Type | Description example | Any | Example of the parameter's potential value. The example SHOULD match the specified schema and encoding properties if present. The `example` field is mutually exclusive of the `examples` field. Furthermore, if referencing a `schema` that contains an example, the `example` value SHALL _override_ the example provided by the schema. To represent examples of media types that cannot naturally be represented in JSON or YAML, a string value can contain the example with escaping where necessary. examples | Map[ `string`, [Example Object](#exampleObject) \| [Reference Object](#referenceObject)] | Examples of the parameter's potential value. Each example SHOULD contain a value in the correct format as specified in the parameter encoding. The `examples` field is mutually exclusive of the `example` field. Furthermore, if referencing a `schema` that contains an example, the `examples` value SHALL _override_ the example provided by the schema. +See also [Appendix C: Using RFC6570 Implementations](#usingRFC6570Implementations) for additional guidance. + ###### Fixed Fields and considerations for use with `content` For more complex scenarios, the [`content`](#parameterContent) property can define the media type and schema of the parameter, as well as give examples of its use. @@ -1622,6 +1624,8 @@ Field Name | Type | Description This object MAY be extended with [Specification Extensions](#specificationExtensions). +See also [Appendix C: Using RFC6570 Implementations](#usingRFC6570Implementations) for additional guidance. + ##### Encoding Object Example `multipart/form-data` allows for binary parts: @@ -3523,3 +3527,211 @@ Version | Date | Notes 1.2 | 2014-03-14 | Initial release of the formal document. 1.1 | 2012-08-22 | Release of Swagger 1.1 1.0 | 2011-08-10 | First release of the Swagger Specification + +## Appendix C: Using RFC6570 Implementations + +Serialization is defined in terms of RFC6570 URI Templates in two scenarios: + +Object | Condition +------ | --------- +[Parameter Object](#parameterObject) | When `schema` is present +[Encoding Object](#encodingObject) | When encoding for `application/x-www-form-urlencoded` and any of `style`, `explode`, or `allowReserved` are used + +Implementations of this specification MAY use an implementation of RFC6570 to perform variable expansion, however, some caveats apply. + +### Equivalences Between Fields and RFC6570 Operators + +Certain field values translate to RFC6570 operators (or lack thereof): + +field | value | equivalent +----- | ----- | ---------- +style | simple | _n/a_ +style | matrix | `;` prefix operator +style | label | `.` prefix operator +style | form | `?` prefix operator +allowReserved | `false` | _n/a_ +allowReserved | `true` | `+` prefix operator +explode | `false` | _n/a_ +explode | `true` | `*` modifier suffix + +Multiple `style: form` parameters are equivalent to a single RFC6570 [variable list](https://www.rfc-editor.org/rfc/rfc6570#section-2.2) using the `?` prefix operator: + +```YAML +parameters: +- name: foo + in: query + schema: + type: object + explode: true +- name: bar + in: query + schema: + type: string +``` + +This example is equivalent to RFC6570's `{?foo*,bar}`, and ***NOT*** `{?foo*}{&bar}`, which is problematic because if `foo` is not defined, the result will be an invalid URI. +The `&` prefix operator has no equivalent in the Parameter Object. + +### Non-RFC6570 Field Values and Combinations + +Configurations with no direct RFC6570 equivalent SHOULD also be handled according to RFC6570. +Implementations MAY create a properly delimited URI Template with variables for individual names and values using RFC6570 regular or reserved expansion (based on `allowReserved`). + +This includes: + * the styles `pipeDelimited`, `spaceDelimited`, and `deepObject`, which have no equivalents at all + * the combination of the style `form` with `allowReserved: true`, which is not allowed because only one prefix operator can be used at a time + * any parameter name that is not a legal RFC6570 variable name (alphanumerics, `_`, and percent-encoded characters) + +The Parameter Object's `name` field has a much more permissive syntax than [RFC6570 variable name syntax](https://www.rfc-editor.org/rfc/rfc6570#section-2.3). +A parameter name that includes characters outside of the allowed RFC6570 variable character set MUST be percent-encoded before it can be used in a URI Template, and MUST set `allowReserved: true` to avoid double percent-encoding. + +### Examples + +Let's say we want to use the following data in a form query string, where `formulas` is exploded, and `words` is not: + +```YAML +formulas: + a: x+y + b: x/y + c: x^y +words: +- math +- is +- fun +``` + +#### RFC6570-Equivalent Expansion + +This array of parameter objects uses regular `style: form` expansion, fully supported by RFC6570: + +```YAML +parameters: +- name: formulas + in: query + schema: + type: object + additionalProperties: + type: string + explode: true +- name: words + in: query + schema: + type: array + items: + type: string +``` + +This translates to the following URI Template: + +```urlencoded +{?formulas*,words} +``` + +when expanded with the data given earlier, we get: + +```urlencoded +?a=x%2By&b=x%2Fy&c=x%5Ey&words=math,is,fun +``` + +#### Expansion With Non-RFC6570-Supported Options + +But now let's say that (for some reason), we really want that `/` in the `b` formula to show up as-is in the query string, and we want our words to be space-separated like in a written phrase. +To do that, we'll add `allowReserved: true` to `formulas`, and change to `style: spaceDelimited` for `words`: + +```YAML +parameters: +- name: formulas + in: query + schema: + type: object + additionalProperties: + type: string + explode: true + allowReserved: true +- name: words + in: query + style: spaceDelimited + schema: + type: array + items: + type: string +``` + +We can't combine the `?` and `+` RFC6570 prefixes, and there's no way with RFC6570 to replace the `,` separator with a space character. +So we need to restructure the data to fit a manually constructed URI Template that passes all of the pieces through the right sort of expansion. + +Here is one such template. +The exact variable names are unimportant, but in this example "f" and "w" are meant to suggest "formulas" and "words", while "n" and "v" suggest "name" and "value": + +```urlencoded +?{+fn0}={+fv0}&{+fn1}={+fv1}&{+fn2}={+fv2}&{wn}={wv0} {wv1} {wv2} +``` + +We'll also need to pre-process the names and values for `formaulas` because while `/` and most other reserved characters are allowed in the query string by RFC3986, `[`, `]`, and `#` [are not](https://datatracker.ietf.org/doc/html/rfc3986#appendix-A), and `&`, `=`, and `+` all have [special behavior](https://www.rfc-editor.org/rfc/rfc1866#section-8.2.1) in the `application/x-www-form-urlencoded` format, which is what we are using in the query string. + +Setting `allowReserved: true` does _not_ make reserved characters that are not allowed in URIs allowed, it just allows them to be _passed through expansion unchanged._ +Therefore, any tooling still needs to percent-encode those characters because reserved expansion will not do it, but it _will_ leave the percent-encoded triples unchanged. +See also Appendix D for further guidance on percent-encoding and form media types, including guidance on handling the delimiter characters for `spaceDelimited`, `pipeDelimited`, and `deepObject` in parameter names and values. + +So here is our data structure that arranges the names and values to suit the template above, where names and values for `formulas` have `[]#&=+` pre-percent encoded (although only `+` appears in this example): + +```YAML +fn0: a +fv0: x%2By +fn1: b +fv1: x/y +fn2: c +fv2: x^y +wn: words +wv0: math +wv1: is +wv2: fun +``` + +Expanding our manually assembled template with our restructured data yields the following query string: + +```urlencoded +?a=x%2By&b=x/y&c=x%5Ey&words=math%20is%20fun + +``` +The `/` and the pre-percent-encoded `%2B` have been left alone, but the disallowed `^` character (inside a value) and space characters (in the template but outside of the expanded variables) were percent-encoded. + +#### Undefined Values and Manual URI Template Construction + +Care must be taken when manually constructing templates to handle the values that [RFC6570 considers to be _undefined_](https://datatracker.ietf.org/doc/html/rfc6570#section-2.3) correctly: + +```YAML +formulas: {} +words: +- hello +- world +``` + +Using this data with our original RFC6570-friendly URI Template, `{?formulas*,words}`, produces the following: + + +```urlencoded +?words=hello,world +``` + +This means that the manually constructed URI Template and restructured data need to leave out the `formulas` object entirely so that the `words` parameter is the first and only parameter in the query string. + +Restructured data: + +```YAML +wn: words +wv0: hello +wv1: world +``` + +Manually constructed URI Template: + +```urlencoded +?{wn}={wv0} {wv1} +``` + +Result: + +```urlencoded +?words=hello%20world +``` From 8ab02d94dd24c57d06f9c4bdde274ea9551e232b Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Sun, 26 May 2024 13:29:35 -0700 Subject: [PATCH 056/251] Resolution of relative URLs in CommonMark text (3.0.4) Note that they are resolved in their rendered context. --- versions/3.0.4.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 12b2375a79..d79f7dd90c 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -212,6 +212,8 @@ Relative references are resolved using the URLs defined in the [`Server Object`] Relative references used in `$ref` are processed as per [JSON Reference](https://tools.ietf.org/html/draft-pbryan-zyp-json-ref-03), using the URL of the current document as the base URI. See also the [Reference Object](#referenceObject). +Relative references in CommonMark hyperlinks are resolved in their rendered context, which might differ greatly from the context of the API description. + ### Schema In the following description, if a field is not explicitly **REQUIRED** or described with a MUST or SHALL, it can be considered OPTIONAL. From b25f83cf56af928acc4813e56b2103aa0aaae267 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Sun, 26 May 2024 14:44:53 -0700 Subject: [PATCH 057/251] Note RFC6570 and message body adjustment --- versions/3.0.4.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 71325313a4..14647eec13 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -3539,6 +3539,8 @@ Object | Condition Implementations of this specification MAY use an implementation of RFC6570 to perform variable expansion, however, some caveats apply. +Note that when using `style: form` RFC6570 expansion to produce an `application/x-www-form-urlencoded` HTTP message body, it is necessary to remove the `?` prefix that is produced to satisfy the URI query string syntax. + ### Equivalences Between Fields and RFC6570 Operators Certain field values translate to RFC6570 operators (or lack thereof): From f5914c76e227533afaeae79bbc852254a57b0a79 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Sun, 26 May 2024 18:19:54 -0700 Subject: [PATCH 058/251] Arrays and objects have limited support in parameters RFC6570-based serialization will not go beyond what is specified to unpack arrays and objects. --- versions/3.0.4.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 14647eec13..42510fe85f 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -3574,6 +3574,8 @@ parameters: This example is equivalent to RFC6570's `{?foo*,bar}`, and ***NOT*** `{?foo*}{&bar}`, which is problematic because if `foo` is not defined, the result will be an invalid URI. The `&` prefix operator has no equivalent in the Parameter Object. +Note that RFC6570 does not specify behavior for compound values beyond the single level addressed by `explode`. The results of using objects or arrays where no behavior is clearly specified for them is implementation-defined. + ### Non-RFC6570 Field Values and Combinations Configurations with no direct RFC6570 equivalent SHOULD also be handled according to RFC6570. From 2f7def536f30545516952f8c63c42eb36cc2f03b Mon Sep 17 00:00:00 2001 From: Henry Andrews Date: Mon, 27 May 2024 08:27:08 -0700 Subject: [PATCH 059/251] wording suggestion (review feedback) Co-authored-by: Ralf Handl --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index d79f7dd90c..5a035a9e1e 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -212,7 +212,7 @@ Relative references are resolved using the URLs defined in the [`Server Object`] Relative references used in `$ref` are processed as per [JSON Reference](https://tools.ietf.org/html/draft-pbryan-zyp-json-ref-03), using the URL of the current document as the base URI. See also the [Reference Object](#referenceObject). -Relative references in CommonMark hyperlinks are resolved in their rendered context, which might differ greatly from the context of the API description. +Relative references in CommonMark hyperlinks are resolved in their rendered context, which might differ from the context of the API description. ### Schema From ad97a43b6a3e3da4ac38fb8cdd396fe752386e09 Mon Sep 17 00:00:00 2001 From: Henry Andrews Date: Mon, 27 May 2024 08:50:56 -0700 Subject: [PATCH 060/251] Fix typeo (review feedback) Co-authored-by: Darrel --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 42510fe85f..19cf5ebd48 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -3671,7 +3671,7 @@ The exact variable names are unimportant, but in this example "f" and "w" are me ?{+fn0}={+fv0}&{+fn1}={+fv1}&{+fn2}={+fv2}&{wn}={wv0} {wv1} {wv2} ``` -We'll also need to pre-process the names and values for `formaulas` because while `/` and most other reserved characters are allowed in the query string by RFC3986, `[`, `]`, and `#` [are not](https://datatracker.ietf.org/doc/html/rfc3986#appendix-A), and `&`, `=`, and `+` all have [special behavior](https://www.rfc-editor.org/rfc/rfc1866#section-8.2.1) in the `application/x-www-form-urlencoded` format, which is what we are using in the query string. +We'll also need to pre-process the names and values for `formulas` because while `/` and most other reserved characters are allowed in the query string by RFC3986, `[`, `]`, and `#` [are not](https://datatracker.ietf.org/doc/html/rfc3986#appendix-A), and `&`, `=`, and `+` all have [special behavior](https://www.rfc-editor.org/rfc/rfc1866#section-8.2.1) in the `application/x-www-form-urlencoded` format, which is what we are using in the query string. Setting `allowReserved: true` does _not_ make reserved characters that are not allowed in URIs allowed, it just allows them to be _passed through expansion unchanged._ Therefore, any tooling still needs to percent-encode those characters because reserved expansion will not do it, but it _will_ leave the percent-encoded triples unchanged. From ed7a6d8dc79d262b97d8359c4d9735f597eab541 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Mon, 27 May 2024 12:34:15 -0700 Subject: [PATCH 061/251] Fix handling of parameter names, clarify table entry * Paramter names don't need to be modeled as template variables. * Include an example of a parameter name that needs encoding. * Add more details to the fixed field entries for allowReserved --- versions/3.0.4.md | 77 ++++++++++++++++++++++++++++++++--------------- 1 file changed, 53 insertions(+), 24 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 19cf5ebd48..b8deb70ad2 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1068,7 +1068,7 @@ Field Name | Type | Description ---|:---:|--- style | `string` | Describes how the parameter value will be serialized depending on the type of the parameter value. Default values (based on value of `in`): for `query` - `form`; for `path` - `simple`; for `header` - `simple`; for `cookie` - `form`. explode | `boolean` | When this is true, parameter values of type `array` or `object` generate separate parameters for each value of the array or key-value pair of the map. For other types of parameters this property has no effect. When [`style`](#parameterStyle) is `form`, the default value is `true`. For all other styles, the default value is `false`. -allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#autoid-20), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#autoid-13), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are not allowed in the query string, or have a meaning other than their literal value (e.g. `+` as an escape for the space character in `application/x-www-form-urlencoded` query strings). This property only applies to parameters with an `in` value of `query`. The default value is `false`. +allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#autoid-20), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#autoid-13), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#autoid-24) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#usingRFC6570Implementations) and [E](#percentEncodingAndFormMediaTypes) for details. This property only applies to parameters with an `in` value of `query`. The default value is `false`. schema | [Schema Object](#schemaObject) \| [Reference Object](#referenceObject) | The schema defining the type used for the parameter. example | Any | Example of the parameter's potential value. The example SHOULD match the specified schema and encoding properties if present. The `example` field is mutually exclusive of the `examples` field. Furthermore, if referencing a `schema` that contains an example, the `example` value SHALL _override_ the example provided by the schema. To represent examples of media types that cannot naturally be represented in JSON or YAML, a string value can contain the example with escaping where necessary. examples | Map[ `string`, [Example Object](#exampleObject) \| [Reference Object](#referenceObject)] | Examples of the parameter's potential value. Each example SHOULD contain a value in the correct format as specified in the parameter encoding. The `examples` field is mutually exclusive of the `example` field. Furthermore, if referencing a `schema` that contains an example, the `examples` value SHALL _override_ the example provided by the schema. @@ -1620,7 +1620,7 @@ Field Name | Type | Description headers | Map[`string`, [Header Object](#headerObject) \| [Reference Object](#referenceObject)] | A map allowing additional information to be provided as headers, for example `Content-Disposition`. `Content-Type` is described separately and SHALL be ignored in this section. This property SHALL be ignored if the request body media type is not a `multipart`. style | `string` | Describes how a specific property value will be serialized depending on its type. See [Parameter Object](#parameterObject) for details on the [`style`](#parameterStyle) property. The behavior follows the same values as `query` parameters, including default values. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. explode | `boolean` | When this is true, property values of type `array` or `object` generate separate parameters for each value of the array, or key-value-pair of the map. For other types of properties this property has no effect. When [`style`](#encodingStyle) is `form`, the default value is `true`. For all other styles, the default value is `false`. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. -allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#autoid-20), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#autoid-13), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are not allowed in the query string, or have a meaning other than their literal value (e.g. `+` as an escape for the space character in `application/x-www-form-urlencoded` query strings). The default value is `false`. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. +allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#autoid-20), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#autoid-13), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#autoid-24) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#usingRFC6570Implementations) and [E](#percentEncodingAndFormMediaTypes) for details. This property only applies to parameters with an `in` value of `query`. The default value is `false`. This object MAY be extended with [Specification Extensions](#specificationExtensions). @@ -3541,6 +3541,9 @@ Implementations of this specification MAY use an implementation of RFC6570 to pe Note that when using `style: form` RFC6570 expansion to produce an `application/x-www-form-urlencoded` HTTP message body, it is necessary to remove the `?` prefix that is produced to satisfy the URI query string syntax. +Note also that not all RFC6570 implementations support all four levels of operators, all of which are needed to fully support the OpenAPI Specification's usage. +Using an implementation with a lower level of support will require additional manual construction of URI Templates to work around the limitations. + ### Equivalences Between Fields and RFC6570 Operators Certain field values translate to RFC6570 operators (or lack thereof): @@ -3587,7 +3590,7 @@ This includes: * any parameter name that is not a legal RFC6570 variable name (alphanumerics, `_`, and percent-encoded characters) The Parameter Object's `name` field has a much more permissive syntax than [RFC6570 variable name syntax](https://www.rfc-editor.org/rfc/rfc6570#section-2.3). -A parameter name that includes characters outside of the allowed RFC6570 variable character set MUST be percent-encoded before it can be used in a URI Template, and MUST set `allowReserved: true` to avoid double percent-encoding. +A parameter name that includes characters outside of the allowed RFC6570 variable character set MUST be percent-encoded before it can be used in a URI Template. ### Examples @@ -3664,39 +3667,36 @@ parameters: We can't combine the `?` and `+` RFC6570 prefixes, and there's no way with RFC6570 to replace the `,` separator with a space character. So we need to restructure the data to fit a manually constructed URI Template that passes all of the pieces through the right sort of expansion. -Here is one such template. -The exact variable names are unimportant, but in this example "f" and "w" are meant to suggest "formulas" and "words", while "n" and "v" suggest "name" and "value": +Here is one such template, using a made-up convention of `words.0` for the first entry in the words value, `words.1` for the second. ```urlencoded -?{+fn0}={+fv0}&{+fn1}={+fv1}&{+fn2}={+fv2}&{wn}={wv0} {wv1} {wv2} +?a={+a}&b={+b}&c={+c}&words={words.0} {words.1} {words.2} ``` -We'll also need to pre-process the names and values for `formulas` because while `/` and most other reserved characters are allowed in the query string by RFC3986, `[`, `]`, and `#` [are not](https://datatracker.ietf.org/doc/html/rfc3986#appendix-A), and `&`, `=`, and `+` all have [special behavior](https://www.rfc-editor.org/rfc/rfc1866#section-8.2.1) in the `application/x-www-form-urlencoded` format, which is what we are using in the query string. +RFC6570 [mentions](https://www.rfc-editor.org/rfc/rfc6570.html#section-2.4.2) the use of `.` "to indicate name hierarchy in substructures," but does not define any specific naming convention or behavior for it. +Since the `.` usage is not automatic, we'll need to construct an appropriate input structure for this new template. + +We'll also need to pre-process the values for `formulas` because while `/` and most other reserved characters are allowed in the query string by RFC3986, `[`, `]`, and `#` [are not](https://datatracker.ietf.org/doc/html/rfc3986#appendix-A), and `&`, `=`, and `+` all have [special behavior](https://www.rfc-editor.org/rfc/rfc1866#section-8.2.1) in the `application/x-www-form-urlencoded` format, which is what we are using in the query string. Setting `allowReserved: true` does _not_ make reserved characters that are not allowed in URIs allowed, it just allows them to be _passed through expansion unchanged._ Therefore, any tooling still needs to percent-encode those characters because reserved expansion will not do it, but it _will_ leave the percent-encoded triples unchanged. -See also Appendix D for further guidance on percent-encoding and form media types, including guidance on handling the delimiter characters for `spaceDelimited`, `pipeDelimited`, and `deepObject` in parameter names and values. +See also [Appendix E](#to indicate name hierarchy in substructures) for further guidance on percent-encoding and form media types, including guidance on handling the delimiter characters for `spaceDelimited`, `pipeDelimited`, and `deepObject` in parameter names and values. -So here is our data structure that arranges the names and values to suit the template above, where names and values for `formulas` have `[]#&=+` pre-percent encoded (although only `+` appears in this example): +So here is our data structure that arranges the names and values to suit the template above, where values for `formulas` have `[]#&=+` pre-percent encoded (although only `+` appears in this example): ```YAML -fn0: a -fv0: x%2By -fn1: b -fv1: x/y -fn2: c -fv2: x^y -wn: words -wv0: math -wv1: is -wv2: fun +a: x%2By +b: x/y +c: x^y +words.0: math +words.1: is +words.2: fun ``` Expanding our manually assembled template with our restructured data yields the following query string: ```urlencoded ?a=x%2By&b=x/y&c=x%5Ey&words=math%20is%20fun - ``` The `/` and the pre-percent-encoded `%2B` have been left alone, but the disallowed `^` character (inside a value) and space characters (in the template but outside of the expanded variables) were percent-encoded. @@ -3723,15 +3723,14 @@ This means that the manually constructed URI Template and restructured data need Restructured data: ```YAML -wn: words -wv0: hello -wv1: world +words.0: hello +words.1: world ``` Manually constructed URI Template: ```urlencoded -?{wn}={wv0} {wv1} +?words={words.0} {words.1} ``` Result: @@ -3739,3 +3738,33 @@ Result: ```urlencoded ?words=hello%20world ``` + +#### Illegal Variable Names as Parameter Names +In this example, the heart emoji is not legal in URI Template names (or URIs): + +```YAML +parameters: +- name: ❤️ + in: query + schema: + type: string +``` + +We can't just pass `❤️: love!` to an RFC6570 implementation. +Instead, we have to pre-percent-encode the name (which is a six-octet UTF-8 sequence) in both the data and the URI Template: + +```YAML +"%E2%9D%A4%EF%B8%8F": love! +``` + +```urlencoded +{?%E2%9D%A4%EF%B8%8F} +``` + +This will expand to the result: + +```urlencoded +?%E2%9D%A4%EF%B8%8F=love%21 +``` + +## Appendix E: Percent-Encoding and Form Media Types From 00b75dd1267d4cb3bc1b15a9084a7351789b1eb5 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Mon, 27 May 2024 14:04:59 -0700 Subject: [PATCH 062/251] Link to the Learn and Spec sites Guide readers to supplemental documentation, examples, related specificatioins, and extension registries. These sites answer many questions that otherwise get raised as GitHub issues. --- versions/3.0.4.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 12b2375a79..9c15a83024 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -12,6 +12,10 @@ The OpenAPI Specification (OAS) defines a standard, language-agnostic interface An OpenAPI definition can then be used by documentation generation tools to display the API, code generation tools to generate servers and clients in various programming languages, testing tools, and many other use cases. +For examples of OpenAPI usage and additional documentation, please visit [learn.openapis.org](https://learn.openapis.org/). + +For extension registries and other specifications published by the OpenAPI Initiative, please visit [spec.openapis.org](https://spec.openapis.org/) + ## Table of Contents From ce05949e3cdd421f9ac07092d6a05e826155cd74 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Mon, 27 May 2024 14:10:42 -0700 Subject: [PATCH 063/251] Clarify "Schema" --- versions/3.0.4.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 9c15a83024..65ec4122c6 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -218,6 +218,11 @@ Relative references used in `$ref` are processed as per [JSON Reference](https:/ ### Schema +This section describes the structure of the OpenAPI Description format. +This text is the only normative description of the format. +A JSON Schema is hosted on [spec.openapis.org](https://spec.openapis.org) for informational purposes. +If the JSON Schema differs from this section, then this section MUST be considered authoritative. + In the following description, if a field is not explicitly **REQUIRED** or described with a MUST or SHALL, it can be considered OPTIONAL. #### OpenAPI Object From 41d2a52062e55f650c6daa383a6170113e5718d9 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Mon, 27 May 2024 14:17:21 -0700 Subject: [PATCH 064/251] Global HTTP case-(in)sensitivity rule --- versions/3.0.4.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 65ec4122c6..cac0f99710 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -100,6 +100,10 @@ Some examples of possible media type definitions: The HTTP Status Codes are used to indicate the status of the executed operation. Status codes SHOULD be selected from the available status codes registered in the [IANA Status Code Registry](https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml). +##### HTTP and Case Sensitivity +As most field names and values in the OpenAPI Specification are case-sensitive, this document endeavors to call out any case-insensitive names and values. +However, the case sensitivity of field names and values that map directly to HTTP concepts follow the case sensitivity rules of HTTP, even if this document does not make a note of every concept. + ##### Undefined and Implementation-Defined Behavior This specification deems certain situations to have either _undefined_ or _implementation-defined_ behavior. From 79ed97214577bc8053f9fd69782e4b25f6cc1b3a Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Mon, 27 May 2024 14:25:46 -0700 Subject: [PATCH 065/251] Improved description of XML examples --- versions/3.0.4.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index cac0f99710..dbb5565162 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -2926,7 +2926,8 @@ This object MAY be extended with [Specification Extensions](#specificationExtens ##### XML Object Examples -The examples of the XML object definitions are included inside a property definition of a [Schema Object](#schemaObject) with a sample of the XML representation of it. +Each of the following examples represent the value of the `properties` keyword in a [Schema Object](#schemaObject) that is omitted for brevity. +The JSON and YAML representations of the `properties` value are followed by an example XML representation produced for the single property shown. ###### No XML Element From 02df67541fad8677d0eb3d96707941c565711c84 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Mon, 27 May 2024 14:45:49 -0700 Subject: [PATCH 066/251] Clarify CommonMark extensibility. --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index dbb5565162..b5ba8642aa 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -211,7 +211,7 @@ Note that the encoding indicated by `byte`, which inflates the size of data in o ### Rich Text Formatting Throughout the specification `description` fields are noted as supporting CommonMark markdown formatting. -Where OpenAPI tooling renders rich text it MUST support, at a minimum, markdown syntax as described by [CommonMark 0.27](https://spec.commonmark.org/0.27/). Tooling MAY choose to ignore some CommonMark features to address security concerns. +Where OpenAPI tooling renders rich text it MUST support, at a minimum, markdown syntax as described by [CommonMark 0.27](https://spec.commonmark.org/0.27/). Tooling MAY choose to implement extensions on top of CommonMark 0.27, and MAY choose to ignore some CommonMark or extension features to address security concerns. ### Relative References in URLs From 4cdcab329ca49e746fd469652cb8bdb7fe3a3af0 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Mon, 27 May 2024 15:11:58 -0700 Subject: [PATCH 067/251] Add description to the Example Object --- versions/3.0.4.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index b5ba8642aa..c01339faab 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1997,6 +1997,10 @@ transactionCallback: ``` #### Example Object +An object grouping an internal or external example value with basic `summary` and `description` metadata. +This object is typically used in properties named `examples` (plural), and is a [referenceable](#referenceObject) alternative to older `example` (singular) fields that do not support referencing or metadata. + +Allows sharing an example to demonstrate the usage of properties, parameters and objects within OpenAPI. ##### Fixed Fields Field Name | Type | Description From 3ee70cd47aad6eb996e2d0dd51eb2a8d63baf642 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Tue, 28 May 2024 13:44:37 -0700 Subject: [PATCH 068/251] Improve media type encoding examples * Replace the outdated "model" terminology with "schema" * Remove the outdated `text/plain` array example, which does not correlate with current OAS requirements * Rather than replacing the `text/plain` example direclty, enhance the example of serializing `application/json` content in `application/x-www-form-urlencoeded` request bodies. --- versions/3.0.4.md | 61 ++++++++++++++++++++++------------------------- 1 file changed, 29 insertions(+), 32 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 12b2375a79..8a17cfb484 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1297,7 +1297,7 @@ This object MAY be extended with [Specification Extensions](#specificationExtens ##### Request Body Examples -A request body with a referenced model definition. +A request body with a referenced schema definition. ```json { "description": "user to add to the system", @@ -1373,35 +1373,6 @@ content: externalValue: http://foo.bar/examples/user-example.whatever ``` -A body parameter that is an array of string values: -```json -{ - "description": "user to add to the system", - "content": { - "text/plain": { - "schema": { - "type": "array", - "items": { - "type": "string" - } - } - } - } -} -``` - -```yaml -description: user to add to the system -required: true -content: - text/plain: - schema: - type: array - items: - type: string -``` - - #### Media Type Object Each Media Type Object provides schema and examples for the media type identified by its key. @@ -1557,9 +1528,35 @@ requestBody: properties: {} ``` -In this example, the contents in the `requestBody` MUST be stringified per [RFC1866](https://tools.ietf.org/html/rfc1866) when passed to the server. In addition, the `address` field complex object will be stringified. +In this example, the contents in the `requestBody` MUST be encoded per [RFC1866](https://tools.ietf.org/html/rfc1866) when passed to the server. In addition, the `address` field complex object will be serialized to a string representation prior to encoding. + +When passing complex objects in the `application/x-www-form-urlencoded` content type, the default serialization strategy of such properties is described in the [Encoding Object](#encodingObject)'s [`style`](#encodingStyle) property as `form`. + +With this example, given an `id` of `f81d4fae-7dec-11d0-a765-00a0c91e6bf6` and a US-style address as follows: + +```json +{ + "streetAddress": "123 Example Dr.", + "city": "Somewhere", + "state": "CA", + "zip": 99999 +} +``` + +Assuming the most compact representation of the JSON value (with unnecessary whitespace removed), we would expect to see the following request body, where space characters have been replaced with `+` and `"`, `{`, and `}` have been percent-encoded to `%22`, `%7B`, and `%7D`, respectively: -When passing complex objects in the `application/x-www-form-urlencoded` content type, the default serialization strategy of such properties is described in the [`Encoding Object`](#encodingObject)'s [`style`](#encodingStyle) property as `form`. +```urlencoded +id=f81d4fae-7dec-11d0-a765-00a0c91e6bf6&address=%7B%22streetAddress%22:%22123+Example+Dr.%22,%22city%22:%22Somewhere%22,%22state%22:%22CA%22,%22zip%22:99999%7D +``` + +Note that the `id` keyword is treated a `text/plain` per the [Encoding Object](#encodingObject)'s default behavior, and is serialized as-is. +If it were treated as `application/json`, then the serialized value would be a JSON string including quotation marks, which would be percent-encoded as `%22`. + +Here is the `id` parameter (without `address`) serialized as `application/json` instead of `text/plain`, and then encoded per RFC1866: + +```urlencoded +id=%22f81d4fae-7dec-11d0-a765-00a0c91e6bf6%22 +``` ##### Special Considerations for `multipart` Content From b5d222914ceb4618b641db0683b480111929da01 Mon Sep 17 00:00:00 2001 From: Henry Andrews Date: Tue, 28 May 2024 14:45:44 -0700 Subject: [PATCH 069/251] Review feedback on RFC quotations vs linking Co-authored-by: Ralf Handl --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index b8deb70ad2..96025bdac1 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -3587,7 +3587,7 @@ Implementations MAY create a properly delimited URI Template with variables for This includes: * the styles `pipeDelimited`, `spaceDelimited`, and `deepObject`, which have no equivalents at all * the combination of the style `form` with `allowReserved: true`, which is not allowed because only one prefix operator can be used at a time - * any parameter name that is not a legal RFC6570 variable name (alphanumerics, `_`, and percent-encoded characters) + * any parameter name that is not a legal RFC6570 variable name The Parameter Object's `name` field has a much more permissive syntax than [RFC6570 variable name syntax](https://www.rfc-editor.org/rfc/rfc6570#section-2.3). A parameter name that includes characters outside of the allowed RFC6570 variable character set MUST be percent-encoded before it can be used in a URI Template. From 656fd213fd729b53b9db4647c269125f10ff8a9b Mon Sep 17 00:00:00 2001 From: Henry Andrews Date: Wed, 29 May 2024 09:09:57 -0700 Subject: [PATCH 070/251] review feedback - typo Co-authored-by: Ralf Handl --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 8a17cfb484..a9586a8fe2 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1549,7 +1549,7 @@ Assuming the most compact representation of the JSON value (with unnecessary whi id=f81d4fae-7dec-11d0-a765-00a0c91e6bf6&address=%7B%22streetAddress%22:%22123+Example+Dr.%22,%22city%22:%22Somewhere%22,%22state%22:%22CA%22,%22zip%22:99999%7D ``` -Note that the `id` keyword is treated a `text/plain` per the [Encoding Object](#encodingObject)'s default behavior, and is serialized as-is. +Note that the `id` keyword is treated as `text/plain` per the [Encoding Object](#encodingObject)'s default behavior, and is serialized as-is. If it were treated as `application/json`, then the serialized value would be a JSON string including quotation marks, which would be percent-encoded as `%22`. Here is the `id` parameter (without `address`) serialized as `application/json` instead of `text/plain`, and then encoded per RFC1866: From 3030962b1dc436f447a3c493a4318d8b0151b291 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Thu, 30 May 2024 13:18:13 -0700 Subject: [PATCH 071/251] Verbose Header Object documentation (3.0.4) This copies the relevant Parameter Object fields to the Header Object instead of relying on implicit guidance. The text for the fields has been edited to reflect that only headers are being described. This also include an example of describing a header using the `content` field, and explaining why it is necessary to do so. --- versions/3.0.4.md | 77 +++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 71 insertions(+), 6 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 12b2375a79..75d1eecad2 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -2232,18 +2232,56 @@ Expressions can be embedded into string values by surrounding the expression wit #### Header Object -The Header Object follows the structure of the [Parameter Object](#parameterObject) with the following changes: +The Header Object is used to describe headers for [HTTP responses](#responseHeaders) and for [individual parts in `multipart` representations](#encodingHeaders); see the relevant [Header Object](#headerObject) and [Encoding Object](#encodingObject) documentation for restrictions on which headers can be described. + +The Header Object follows the structure of the [Parameter Object](#parameterObject), including determining its serialization strategy based on whether `schema` or `content` is present, with the following changes: 1. `name` MUST NOT be specified, it is given in the corresponding `headers` map. 1. `in` MUST NOT be specified, it is implicitly in `header`. -1. All traits that are affected by the location MUST be applicable to a location of `header` (for example, [`style`](#parameterStyle)). +1. All traits that are affected by the location MUST be applicable to a location of `header` (for example, [`style`](#parameterStyle)). This means that `allowEmptyValue` and `allowReserved` MUST NOT be used, and `style`, if used, MUST be limited to `simple`. + +###### Common Fixed Fields + +These fields MAY be used with either `content` or `schema`. + +Field Name | Type | Description +---|:---:|--- +description | `string` | A brief description of the header. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. +required | `boolean` | Determines whether this header is mandatory. The default value is `false`. + deprecated | `boolean` | Specifies that a parameter is deprecated and SHOULD be transitioned out of usage. Default value is `false`. + +###### Fixed Fields for use with `schema` + +For simpler scenarios, a [`schema`](#headerSchema) and [`style`](#headerStyle) can describe the structure and syntax of the header. +When `example` or `examples` are provided in conjunction with the `schema` object, the example MUST follow the prescribed serialization strategy for the header. + +Serializing with `schema` is NOT RECOMMENDED for headers with parameters (name=value pairs following a `;`) in their values, or where values might have non-URL-safe characters; see [Appendix D](#serializingHeadersAndCookies) for details. + +Field Name | Type | Description +---|:---:|--- +style | `string` | Describes how the header value will be serialized. The default (and only legal value for headers) is `simple`. +explode | `boolean` | When this is true, header values of type `array` or `object` generate separate header values for each value of the array or key-value pair of the map. For other types of parameters this property has no effect. The default value is `false`. +schema | [Schema Object](#schemaObject) \| [Reference Object](#referenceObject) | The schema defining the type used for the header. +example | Any | Example of the header's potential value. The example SHOULD match the specified schema and encoding properties if present. The `example` field is mutually exclusive of the `examples` field. Furthermore, if referencing a `schema` that contains an example, the `example` value SHALL _override_ the example provided by the schema. To represent examples of media types that cannot naturally be represented in JSON or YAML, a string value can contain the example with escaping where necessary. +examples | Map[ `string`, [Example Object](#exampleObject) \| [Reference Object](#referenceObject)] | Examples of the header's potential value. Each example SHOULD contain a value in the correct format as specified in the header encoding. The `examples` field is mutually exclusive of the `example` field. Furthermore, if referencing a `schema` that contains an example, the `examples` value SHALL _override_ the example provided by the schema. + +See also [Appendix C: Using RFC6570 Implementations](#usingRFC6570Implementations) for additional guidance. + +###### Fixed Fields for use with `content` + +For more complex scenarios, the [`content`](#headerContent) property can define the media type and schema of the header, as well as give examples of its use. +Using `content` with a `text/plain` media type is RECOMMENDED for headers where the `schema` strategy is not appropriate. + +Field Name | Type | Description +---|:---:|--- +content | Map[`string`, [Media Type Object](#mediaTypeObject)] | A map containing the representations for the header. The key is the media type and the value describes it. The map MUST only contain one entry. ##### Header Object Example A simple header of type `integer`: ```json -{ +"X-Rate-Limit-Limit": { "description": "The number of allowed requests in the current period", "schema": { "type": "integer" @@ -2252,9 +2290,36 @@ A simple header of type `integer`: ``` ```yaml -description: The number of allowed requests in the current period -schema: - type: integer +X-Rate-Limit-Limit: + description: The number of allowed requests in the current period + schema: + type: integer +``` + +Requiring that a strong `ETag` header (with a value starting with `"` rather than `W/`) is present. Note the use of `content`, because using `schema` and `style` would require the `"` to be percent-encoded as `%22`: + +```json +"ETag": { + "required": true, + "content": { + "text/plain": { + "schema": { + "type": "string", + "pattern": "^\"" + } + } + } +} +``` + +```yaml +ETag: + required: true + content: + text/plain: + schema: + type: string + pattern: ^" ``` #### Tag Object From ee409871ed9126dfe3c4cb87bf77771fcb8aaeed Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Thu, 30 May 2024 13:32:27 -0700 Subject: [PATCH 072/251] Stub out linked appendixes... ...to placate the PR checks in GitHub. --- versions/3.0.4.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 75d1eecad2..ca95cc9e1a 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -3588,3 +3588,7 @@ Version | Date | Notes 1.2 | 2014-03-14 | Initial release of the formal document. 1.1 | 2012-08-22 | Release of Swagger 1.1 1.0 | 2011-08-10 | First release of the Swagger Specification + +## Appendix C: Using RFC6570 Implementations + +## Appendix D: Serializing Headers and Cookies From 9b4982152d1bcfdde63b31acbb05d5491178a77d Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Mon, 3 Jun 2024 10:33:37 -0700 Subject: [PATCH 073/251] Mention the format registry in the data types section --- versions/3.0.4.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index c01339faab..c5e882c790 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -182,6 +182,8 @@ Models are defined using the [Schema Object](#schemaObject), which is an extende OAS uses several known formats to define in fine detail the data type being used. However, to support documentation needs, the `format` property is an open `string`-valued property, and can have any value. Formats such as `"email"`, `"uuid"`, and so on, MAY be used even though they are not defined by this specification. +The OpenAPI Initiative also hosts a [Format Registry](https://spec.openapis.org/registry/format/) for formats defined by OAS users and other specifications. Support for any registry format is strictly OPTIONAL, and support for one registry format does not imply support for any others. + Types that are not accompanied by a `format` property follow the type definition in the JSON Schema. Tools that do not recognize a specific `format` MAY default back to the `type` alone, as if the `format` is not specified. The formats defined by the OAS are: From e386f10a0b2b10c9ee4a5cfbc2759df90ac9a3c4 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Mon, 3 Jun 2024 15:58:30 -0700 Subject: [PATCH 074/251] Use ZIP+4 as a string, also shows encoding of + --- versions/3.0.4.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index a9586a8fe2..182993dd1b 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1532,21 +1532,21 @@ In this example, the contents in the `requestBody` MUST be encoded per [RFC1866] When passing complex objects in the `application/x-www-form-urlencoded` content type, the default serialization strategy of such properties is described in the [Encoding Object](#encodingObject)'s [`style`](#encodingStyle) property as `form`. -With this example, given an `id` of `f81d4fae-7dec-11d0-a765-00a0c91e6bf6` and a US-style address as follows: +With this example, given an `id` of `f81d4fae-7dec-11d0-a765-00a0c91e6bf6` and a US-style address (with ZIP+4) as follows: ```json { "streetAddress": "123 Example Dr.", "city": "Somewhere", "state": "CA", - "zip": 99999 + "zip": "99999+1234" } ``` -Assuming the most compact representation of the JSON value (with unnecessary whitespace removed), we would expect to see the following request body, where space characters have been replaced with `+` and `"`, `{`, and `}` have been percent-encoded to `%22`, `%7B`, and `%7D`, respectively: +Assuming the most compact representation of the JSON value (with unnecessary whitespace removed), we would expect to see the following request body, where space characters have been replaced with `+` and `+`, `"`, `{`, and `}` have been percent-encoded to `%2B`, `%22`, `%7B`, and `%7D`, respectively: ```urlencoded -id=f81d4fae-7dec-11d0-a765-00a0c91e6bf6&address=%7B%22streetAddress%22:%22123+Example+Dr.%22,%22city%22:%22Somewhere%22,%22state%22:%22CA%22,%22zip%22:99999%7D +id=f81d4fae-7dec-11d0-a765-00a0c91e6bf6&address=%7B%22streetAddress%22:%22123+Example+Dr.%22,%22city%22:%22Somewhere%22,%22state%22:%22CA%22,%22zip%22:%2299999%2B1234%22%7D ``` Note that the `id` keyword is treated as `text/plain` per the [Encoding Object](#encodingObject)'s default behavior, and is serialized as-is. From 7e141bb8aa3cbec3831ee3802b1619a7e10e80e0 Mon Sep 17 00:00:00 2001 From: Henry Andrews Date: Tue, 4 Jun 2024 08:09:16 -0700 Subject: [PATCH 075/251] Wording improvement (review feedback) Co-authored-by: Ralf Handl --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index c5e882c790..8de3ea202f 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -182,7 +182,7 @@ Models are defined using the [Schema Object](#schemaObject), which is an extende OAS uses several known formats to define in fine detail the data type being used. However, to support documentation needs, the `format` property is an open `string`-valued property, and can have any value. Formats such as `"email"`, `"uuid"`, and so on, MAY be used even though they are not defined by this specification. -The OpenAPI Initiative also hosts a [Format Registry](https://spec.openapis.org/registry/format/) for formats defined by OAS users and other specifications. Support for any registry format is strictly OPTIONAL, and support for one registry format does not imply support for any others. +The OpenAPI Initiative also hosts a [Format Registry](https://spec.openapis.org/registry/format/) for formats defined by OAS users and other specifications. Support for any registered format is strictly OPTIONAL, and support for one registered format does not imply support for any others. Types that are not accompanied by a `format` property follow the type definition in the JSON Schema. Tools that do not recognize a specific `format` MAY default back to the `type` alone, as if the `format` is not specified. From d6b71cdf052636fcbc0a73c2a773d6d8feb32ae1 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Tue, 4 Jun 2024 08:28:05 -0700 Subject: [PATCH 076/251] Note extension registry in extensions section. --- versions/3.0.4.md | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 8de3ea202f..2edcf3f448 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -3510,9 +3510,14 @@ The extensions properties are implemented as patterned fields that are always pr Field Pattern | Type | Description ---|:---:|--- -^x- | Any | Allows extensions to the OpenAPI Schema. The field name MUST begin with `x-`, for example, `x-internal-id`. The value can be `null`, a primitive, an array or an object. Can have any valid JSON format value. +^x- | Any | Allows extensions to the OpenAPI Schema. The field name MUST begin with `x-`, for example, `x-internal-id`. The value can be any valid JSON format value (`null`, a primitive, an array or an object.) -The extensions may or may not be supported by the available tooling, but those may be extended as well to add requested support (if tools are internal or open-sourced). +The OpenAPI Initiative maintains several [extension registries](https://spec.openapis.org/registry/index.html), including registries for [individual extension keywords](https://spec.openapis.org/registry/extension/) and [extension keyword namespaces](https://spec.openapis.org/registry/namespace/). + +Extensions are one of the best ways to prove the viability of proposed additions to the specification. +It is therefore RECOMMENDED that implementations be designed for extensibility to support community experimentation. + +Support for any one extension is OPTIONAL, and support for one extension does not imply support for others. ### Security Filtering From 7aef3b55a42d385691a4030aa603673c5801dd6b Mon Sep 17 00:00:00 2001 From: Henry Andrews Date: Tue, 4 Jun 2024 08:58:18 -0700 Subject: [PATCH 077/251] Better wording (review feedback) Co-authored-by: Ralf Handl --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index ca95cc9e1a..3e9c4ed601 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -2248,7 +2248,7 @@ Field Name | Type | Description ---|:---:|--- description | `string` | A brief description of the header. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. required | `boolean` | Determines whether this header is mandatory. The default value is `false`. - deprecated | `boolean` | Specifies that a parameter is deprecated and SHOULD be transitioned out of usage. Default value is `false`. + deprecated | `boolean` | Specifies that the header is deprecated and SHOULD be transitioned out of usage. Default value is `false`. ###### Fixed Fields for use with `schema` From 56b2a0325b1aeef8440e5674637f297f77b0180a Mon Sep 17 00:00:00 2001 From: Matthias Mohr Date: Fri, 19 Apr 2024 20:30:26 +0200 Subject: [PATCH 078/251] Clarify openIdConnectUrl #3630 --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 12b2375a79..e0f48695dd 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -3261,7 +3261,7 @@ Field Name | Type | Applies To | Description scheme | `string` | `http` | **REQUIRED**. The name of the HTTP Authentication scheme to be used in the [Authorization header as defined in RFC7235](https://tools.ietf.org/html/rfc7235#section-5.1). The values used SHOULD be registered in the [IANA Authentication Scheme registry](https://www.iana.org/assignments/http-authschemes/http-authschemes.xhtml). The value is case-insensitive, as defined in [RFC7235](https://datatracker.ietf.org/doc/html/rfc7235#section-2.1). bearerFormat | `string` | `http` (`"bearer"`) | A hint to the client to identify how the bearer token is formatted. Bearer tokens are usually generated by an authorization server, so this information is primarily for documentation purposes. flows | [OAuth Flows Object](#oauthFlowsObject) | `oauth2` | **REQUIRED**. An object containing configuration information for the flow types supported. -openIdConnectUrl | `string` | `openIdConnect` | **REQUIRED**. OpenId Connect URL to discover OAuth2 configuration values. This MUST be in the form of a URL. +openIdConnectUrl | `string` | `openIdConnect` | **REQUIRED**. OpenID Connect URL to discover the [OpenID Connect Configuration Information](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig). This MUST be in the form of a URL that points to the well-known document and ends with `/.well-known/openid-configuration`. The OpenID Connect standard requires the use of TLS. This object MAY be extended with [Specification Extensions](#specificationExtensions). From c545355d4fb9065d1db067022d27cb1d0679ce19 Mon Sep 17 00:00:00 2001 From: Matthias Mohr Date: Thu, 25 Apr 2024 21:54:06 +0200 Subject: [PATCH 079/251] Update versions/3.0.4.md --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index e0f48695dd..c8fa280882 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -3261,7 +3261,7 @@ Field Name | Type | Applies To | Description scheme | `string` | `http` | **REQUIRED**. The name of the HTTP Authentication scheme to be used in the [Authorization header as defined in RFC7235](https://tools.ietf.org/html/rfc7235#section-5.1). The values used SHOULD be registered in the [IANA Authentication Scheme registry](https://www.iana.org/assignments/http-authschemes/http-authschemes.xhtml). The value is case-insensitive, as defined in [RFC7235](https://datatracker.ietf.org/doc/html/rfc7235#section-2.1). bearerFormat | `string` | `http` (`"bearer"`) | A hint to the client to identify how the bearer token is formatted. Bearer tokens are usually generated by an authorization server, so this information is primarily for documentation purposes. flows | [OAuth Flows Object](#oauthFlowsObject) | `oauth2` | **REQUIRED**. An object containing configuration information for the flow types supported. -openIdConnectUrl | `string` | `openIdConnect` | **REQUIRED**. OpenID Connect URL to discover the [OpenID Connect Configuration Information](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig). This MUST be in the form of a URL that points to the well-known document and ends with `/.well-known/openid-configuration`. The OpenID Connect standard requires the use of TLS. +openIdConnectUrl | `string` | `openIdConnect` | **REQUIRED**. [Well-known URL](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig) to discover the [OpenID Provider Metadata](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata). This object MAY be extended with [Specification Extensions](#specificationExtensions). From 52c3c9301b8bc6819760c506cdc0cfd086b7cee4 Mon Sep 17 00:00:00 2001 From: Matthias Mohr Date: Sat, 27 Apr 2024 11:50:06 +0200 Subject: [PATCH 080/251] Update versions/3.0.4.md --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index c8fa280882..a556f98e8e 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -3261,7 +3261,7 @@ Field Name | Type | Applies To | Description scheme | `string` | `http` | **REQUIRED**. The name of the HTTP Authentication scheme to be used in the [Authorization header as defined in RFC7235](https://tools.ietf.org/html/rfc7235#section-5.1). The values used SHOULD be registered in the [IANA Authentication Scheme registry](https://www.iana.org/assignments/http-authschemes/http-authschemes.xhtml). The value is case-insensitive, as defined in [RFC7235](https://datatracker.ietf.org/doc/html/rfc7235#section-2.1). bearerFormat | `string` | `http` (`"bearer"`) | A hint to the client to identify how the bearer token is formatted. Bearer tokens are usually generated by an authorization server, so this information is primarily for documentation purposes. flows | [OAuth Flows Object](#oauthFlowsObject) | `oauth2` | **REQUIRED**. An object containing configuration information for the flow types supported. -openIdConnectUrl | `string` | `openIdConnect` | **REQUIRED**. [Well-known URL](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig) to discover the [OpenID Provider Metadata](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata). +openIdConnectUrl | `string` | `openIdConnect` | **REQUIRED**. [Well-known URL](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig) to discover the [OpenID provider metadata](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata). This object MAY be extended with [Specification Extensions](#specificationExtensions). From 726929ffc91613fa01a764f80c8551fd95f2845d Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Sun, 19 May 2024 11:42:51 -0700 Subject: [PATCH 081/251] Further clarify discriminator usage (3.0.4) This backports changes made to the Discriminator Object in 3.1.1 and merges them with the changes made on this branch. Note that the previouc changes incorporated reworked ideas from @jdesrosiers regarding the ambiguous `mapping` syntax submitted in the 3.1.1 changes but not accepted at that time due to compatibility concerns. This commit merges in the parts of that 3.1.1 change that were accepted. For the same compatibility reasons, the MUST wording for requiring the named discriminator property in the schema was (regrettably) weakened to a "SHOULD but otherwise undefined", as we have done for other problematic ambiguities. Co-authored-by: Jason Desrosiers --- versions/3.0.4.md | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 12b2375a79..d363d7d3c9 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -163,6 +163,10 @@ When parsing an OAD, JSON or YAML objects are parsed into specific Objects (such If the same JSON/YAML object is parsed multiple times and the respective contexts require it to be parsed as _different_ Object types, the resulting behavior is _implementation defined_, and MAY be treated as an error if detected. An example would be referencing an empty Schema Object under `#/components/schemas` where a Path Item Object is expected, as an empty object is valid for both types. For maximum interoperability, it is RECOMMENDED that OpenAPI Description authors avoid such scenarios. +#### Resolving Implicit Connections + +***TODO: In another PR*** + ### Data Types Primitive data types in the OAS are based on the types supported by the [JSON Schema Specification Wright Draft 00](https://tools.ietf.org/html/draft-wright-json-schema-00#section-4.2). @@ -2747,12 +2751,14 @@ components: #### Discriminator Object -When request bodies or response payloads may be one of a number of different schemas, a Discriminator Object can be used to aid in serialization, deserialization, and validation by implicitly or explicitly associating the possible values of a named property with alternative schemas. +When request bodies or response payloads may be one of a number of different schemas, a Discriminator Object gives a hint about the expected schema of the document. +This hint can be used to aid in serialization, deserialization, and validation. +The Discriminator Object does this by implicitly or explicitly associating the possible values of a named property with alternative schemas. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- -propertyName | `string` | **REQUIRED**. The name of the property in the payload that will hold the discriminator value. +propertyName | `string` | **REQUIRED**. The name of the property in the payload that will hold the discriminator value. This property SHOULD be required in the payload schema, as the behavior when the property is absent is undefined. mapping | Map[`string`, `string`] | An object to hold mappings between payload values and schema names or URI references. ##### Conditions for Using the Discriminator Object @@ -2776,6 +2782,8 @@ However, the exact nature of such conversions are implementation-defined. ##### Examples +For these examples, assume all schemas are in the entry OpenAPI document; for handling of `discriminator` in referenced documents see [Resolving Implicit Connections](#resolvingImplicitConnections). + In OAS 3.0, a response payload MAY be described to be exactly one of any number of types: ```yaml @@ -2826,7 +2834,7 @@ MyResponseType: monster: https://gigantic-server.com/schemas/Monster/schema.json ``` -Here the discriminator _value_ of `dog` will map to the schema `#/components/schemas/Dog`, rather than the default (implicit) value of `Dog`. If the discriminator _value_ does not match an implicit or explicit mapping, no schema can be determined and validation SHOULD fail. +Here the discriminator property _value_ of `dog` will map to the schema `#/components/schemas/Dog`, rather than the default (implicit) value of `#/components/schemas/dog`. If the discriminator property _value_ does not match an implicit or explicit mapping, no schema can be determined and validation SHOULD fail. When used in conjunction with the `anyOf` construct, the use of the discriminator can avoid ambiguity where multiple schemas may satisfy a single payload. From 1308aa8ff45bde043b243a9dacdf64668577a9c5 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Fri, 31 May 2024 13:57:02 -0700 Subject: [PATCH 082/251] Use "discriminating value" consistently I found the "discriminator value" language confusing, because `discriminator` is the field name, and in most cases the value of a field is the value in the OpenAPI Description. Reviewers did not like "discriminator property value", but "discriminating value" makes it clear that this is about the value that actually causes schema selection, and not about the value of the discriminator keyword. Also removed placeholder in favor of just having the headings, as has been done in several other PRs that overlap with new section PRs for internal linking. --- versions/3.0.4.md | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index d363d7d3c9..c19ef234ea 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -165,8 +165,6 @@ If the same JSON/YAML object is parsed multiple times and the respective context #### Resolving Implicit Connections -***TODO: In another PR*** - ### Data Types Primitive data types in the OAS are based on the types supported by the [JSON Schema Specification Wright Draft 00](https://tools.ietf.org/html/draft-wright-json-schema-00#section-4.2). @@ -2648,7 +2646,7 @@ components: ] }, "Cat": { - "description": "A representation of a cat. Note that `Cat` will be used as the discriminator value.", + "description": "A representation of a cat. Note that `Cat` will be used as the discriminating value.", "allOf": [ { "$ref": "#/components/schemas/Pet" @@ -2675,7 +2673,7 @@ components: ] }, "Dog": { - "description": "A representation of a dog. Note that `Dog` will be used as the discriminator value.", + "description": "A representation of a dog. Note that `Dog` will be used as the discriminating value.", "allOf": [ { "$ref": "#/components/schemas/Pet" @@ -2717,7 +2715,7 @@ components: required: - name - petType - Cat: # "Cat" will be used as the discriminator value + Cat: # "Cat" will be used as the discriminating value description: A representation of a cat allOf: - $ref: '#/components/schemas/Pet' @@ -2733,7 +2731,7 @@ components: - aggressive required: - huntingSkill - Dog: # "Dog" will be used as the discriminator value + Dog: # "Dog" will be used as the discriminating value description: A representation of a dog allOf: - $ref: '#/components/schemas/Pet' @@ -2758,7 +2756,7 @@ The Discriminator Object does this by implicitly or explicitly associating the p ##### Fixed Fields Field Name | Type | Description ---|:---:|--- -propertyName | `string` | **REQUIRED**. The name of the property in the payload that will hold the discriminator value. This property SHOULD be required in the payload schema, as the behavior when the property is absent is undefined. +propertyName | `string` | **REQUIRED**. The name of the property in the payload that will hold the discriminating value. This property SHOULD be required in the payload schema, as the behavior when the property is absent is undefined. mapping | Map[`string`, `string`] | An object to hold mappings between payload values and schema names or URI references. ##### Conditions for Using the Discriminator Object @@ -2834,7 +2832,7 @@ MyResponseType: monster: https://gigantic-server.com/schemas/Monster/schema.json ``` -Here the discriminator property _value_ of `dog` will map to the schema `#/components/schemas/Dog`, rather than the default (implicit) value of `#/components/schemas/dog`. If the discriminator property _value_ does not match an implicit or explicit mapping, no schema can be determined and validation SHOULD fail. +Here the discriminating value of `dog` will map to the schema `#/components/schemas/Dog`, rather than the default (implicit) value of `#/components/schemas/dog`. If the discriminating value does not match an implicit or explicit mapping, no schema can be determined and validation SHOULD fail. When used in conjunction with the `anyOf` construct, the use of the discriminator can avoid ambiguity where multiple schemas may satisfy a single payload. From 29e765811a93a22a6a93036c0e21555b8fb5c97f Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Tue, 4 Jun 2024 13:23:08 -0700 Subject: [PATCH 083/251] Review feedback. --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 3e9c4ed601..6cd99e8c5a 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -2260,7 +2260,7 @@ Serializing with `schema` is NOT RECOMMENDED for headers with parameters (name=v Field Name | Type | Description ---|:---:|--- style | `string` | Describes how the header value will be serialized. The default (and only legal value for headers) is `simple`. -explode | `boolean` | When this is true, header values of type `array` or `object` generate separate header values for each value of the array or key-value pair of the map. For other types of parameters this property has no effect. The default value is `false`. +explode | `boolean` | When this is true, header values of type `array` or `object` generate a single header whose value is a comma-separated list of the array items or key-value pairs of the map, see [Style Examples](https://github.com/OAI/OpenAPI-Specification/blob/v3.0.4-dev/versions/3.0.4.md#style-examples). For other data types this property has no effect. The default value is `false`. schema | [Schema Object](#schemaObject) \| [Reference Object](#referenceObject) | The schema defining the type used for the header. example | Any | Example of the header's potential value. The example SHOULD match the specified schema and encoding properties if present. The `example` field is mutually exclusive of the `examples` field. Furthermore, if referencing a `schema` that contains an example, the `example` value SHALL _override_ the example provided by the schema. To represent examples of media types that cannot naturally be represented in JSON or YAML, a string value can contain the example with escaping where necessary. examples | Map[ `string`, [Example Object](#exampleObject) \| [Reference Object](#referenceObject)] | Examples of the header's potential value. Each example SHOULD contain a value in the correct format as specified in the header encoding. The `examples` field is mutually exclusive of the `example` field. Furthermore, if referencing a `schema` that contains an example, the `examples` value SHALL _override_ the example provided by the schema. From 96f8989bab2e8ef4fad430fde996627effa7c48a Mon Sep 17 00:00:00 2001 From: Henry Andrews Date: Tue, 4 Jun 2024 13:27:58 -0700 Subject: [PATCH 084/251] Better wording from review feedback Co-authored-by: Lorna Jane Mitchell --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 2edcf3f448..b05a267fe6 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -2002,7 +2002,7 @@ transactionCallback: An object grouping an internal or external example value with basic `summary` and `description` metadata. This object is typically used in properties named `examples` (plural), and is a [referenceable](#referenceObject) alternative to older `example` (singular) fields that do not support referencing or metadata. -Allows sharing an example to demonstrate the usage of properties, parameters and objects within OpenAPI. +Examples allow demonstration of the usage of properties, parameters and objects within OpenAPI. ##### Fixed Fields Field Name | Type | Description From f9dc67b7f6c41b336b9bb3ada6893120c926b646 Mon Sep 17 00:00:00 2001 From: Henry Andrews Date: Tue, 4 Jun 2024 13:28:50 -0700 Subject: [PATCH 085/251] Better formatting (review feedback) Co-authored-by: Lorna Jane Mitchell --- versions/3.0.4.md | 1 + 1 file changed, 1 insertion(+) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index b05a267fe6..98ce89d305 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -101,6 +101,7 @@ The HTTP Status Codes are used to indicate the status of the executed operation. Status codes SHOULD be selected from the available status codes registered in the [IANA Status Code Registry](https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml). ##### HTTP and Case Sensitivity + As most field names and values in the OpenAPI Specification are case-sensitive, this document endeavors to call out any case-insensitive names and values. However, the case sensitivity of field names and values that map directly to HTTP concepts follow the case sensitivity rules of HTTP, even if this document does not make a note of every concept. From e25e23c1ae0e9d0167f2dcc4147818dde2012831 Mon Sep 17 00:00:00 2001 From: Henry Andrews Date: Tue, 4 Jun 2024 13:29:20 -0700 Subject: [PATCH 086/251] better formatting (review feedback) Co-authored-by: Lorna Jane Mitchell --- versions/3.0.4.md | 1 + 1 file changed, 1 insertion(+) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 98ce89d305..1cf0fa2d00 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -2000,6 +2000,7 @@ transactionCallback: ``` #### Example Object + An object grouping an internal or external example value with basic `summary` and `description` metadata. This object is typically used in properties named `examples` (plural), and is a [referenceable](#referenceObject) alternative to older `example` (singular) fields that do not support referencing or metadata. From 43618e21a0b1520de55bad814df8cdd2824f1a4a Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Wed, 5 Jun 2024 11:28:32 -0700 Subject: [PATCH 087/251] Warn of interop issues w/Markdown extensions Thanks to @lornajane for the review feedback. --- versions/3.0.4.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 1cf0fa2d00..47855ac9fc 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -214,7 +214,11 @@ Note that the encoding indicated by `byte`, which inflates the size of data in o ### Rich Text Formatting Throughout the specification `description` fields are noted as supporting CommonMark markdown formatting. -Where OpenAPI tooling renders rich text it MUST support, at a minimum, markdown syntax as described by [CommonMark 0.27](https://spec.commonmark.org/0.27/). Tooling MAY choose to implement extensions on top of CommonMark 0.27, and MAY choose to ignore some CommonMark or extension features to address security concerns. +Where OpenAPI tooling renders rich text it MUST support, at a minimum, markdown syntax as described by [CommonMark 0.27](https://spec.commonmark.org/0.27/). Tooling MAY choose to ignore some CommonMark or extension features to address security concerns. + +While the framing of CommonMark 0.27 as a minimum requirement means that tooling MAY choose to implement extensions on top of it, note that any such extensions are by definition implementation-defined and will not be interoperable. +OpenAPI Description authors SHOULD consider how text using such extensions will be rendered by tools that offer only the minimum support. + ### Relative References in URLs From f9813cd85c9d873ea408fe394e5d51a944be8abb Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Wed, 5 Jun 2024 11:41:16 -0700 Subject: [PATCH 088/251] Clarify version (Info Object) further --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 47855ac9fc..6841ebbd5c 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -269,7 +269,7 @@ Field Name | Type | Description termsOfService | `string` | A URL to the Terms of Service for the API. MUST be in the format of a URL. contact | [Contact Object](#contactObject) | The contact information for the exposed API. license | [License Object](#licenseObject) | The license information for the exposed API. -version | `string` | **REQUIRED**. The version of the OpenAPI document (which is distinct from the [OpenAPI Specification version](#oasVersion) or the API implementation version). +version | `string` | **REQUIRED**. The version of the OpenAPI document (which is distinct from the [OpenAPI Specification version](#oasVersion) or the version of API being described). This object MAY be extended with [Specification Extensions](#specificationExtensions). From 2f129ecf94be28601a65dfe337f8b2499e149517 Mon Sep 17 00:00:00 2001 From: Henry Andrews Date: Thu, 6 Jun 2024 11:06:06 -0700 Subject: [PATCH 089/251] Wording consistency (review feedback) Co-authored-by: Ralf Handl --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 6cd99e8c5a..d9011bdb5e 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -2232,7 +2232,7 @@ Expressions can be embedded into string values by surrounding the expression wit #### Header Object -The Header Object is used to describe headers for [HTTP responses](#responseHeaders) and for [individual parts in `multipart` representations](#encodingHeaders); see the relevant [Header Object](#headerObject) and [Encoding Object](#encodingObject) documentation for restrictions on which headers can be described. +Describes a single header for [HTTP responses](#responseHeaders) and for [individual parts in `multipart` representations](#encodingHeaders); see the relevant [Response Object](#responseObject) and [Encoding Object](#encodingObject) documentation for restrictions on which headers can be described. The Header Object follows the structure of the [Parameter Object](#parameterObject), including determining its serialization strategy based on whether `schema` or `content` is present, with the following changes: From bace4b43843bd18de040aab3d4126a474ed11d0a Mon Sep 17 00:00:00 2001 From: Henry Andrews Date: Fri, 7 Jun 2024 11:23:30 -0700 Subject: [PATCH 090/251] Review feedback Co-authored-by: Ralf Handl --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index d9011bdb5e..bdfe850be8 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -2260,7 +2260,7 @@ Serializing with `schema` is NOT RECOMMENDED for headers with parameters (name=v Field Name | Type | Description ---|:---:|--- style | `string` | Describes how the header value will be serialized. The default (and only legal value for headers) is `simple`. -explode | `boolean` | When this is true, header values of type `array` or `object` generate a single header whose value is a comma-separated list of the array items or key-value pairs of the map, see [Style Examples](https://github.com/OAI/OpenAPI-Specification/blob/v3.0.4-dev/versions/3.0.4.md#style-examples). For other data types this property has no effect. The default value is `false`. +explode | `boolean` | When this is true, header values of type `array` or `object` generate a single header whose value is a comma-separated list of the array items or key-value pairs of the map, see [Style Examples](#style-examples). For other data types this property has no effect. The default value is `false`. schema | [Schema Object](#schemaObject) \| [Reference Object](#referenceObject) | The schema defining the type used for the header. example | Any | Example of the header's potential value. The example SHOULD match the specified schema and encoding properties if present. The `example` field is mutually exclusive of the `examples` field. Furthermore, if referencing a `schema` that contains an example, the `example` value SHALL _override_ the example provided by the schema. To represent examples of media types that cannot naturally be represented in JSON or YAML, a string value can contain the example with escaping where necessary. examples | Map[ `string`, [Example Object](#exampleObject) \| [Reference Object](#referenceObject)] | Examples of the header's potential value. Each example SHOULD contain a value in the correct format as specified in the header encoding. The `examples` field is mutually exclusive of the `example` field. Furthermore, if referencing a `schema` that contains an example, the `examples` value SHALL _override_ the example provided by the schema. From fdb9570529d4488eb86dd1ee726c8054ef8f2675 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Sat, 8 Jun 2024 13:45:01 -0700 Subject: [PATCH 091/251] Clarify confusing use of YAML "JSON Schema" When we mention YAML's "Failsafe schema" we give it a lower-case "schem", as the YAML documentatio does. We also prefix it with "YAML". However, we capitalize "Schema" in "JSON Schema ruleset", which (given how much JSON Schema is used in the OAS) is a jarring overlap with "JSON Schema". This change aligns "YAML JSON schema ruleset" with "YAML Failsafe ruleset" and explicitly calls out that it is unrelated to JSON Schema. --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 6841ebbd5c..17cd536775 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -148,7 +148,7 @@ Patterned fields MUST have unique names within the containing object. In order to preserve the ability to round-trip between YAML and JSON formats, YAML version [1.2](https://yaml.org/spec/1.2/spec.html) is RECOMMENDED along with some additional constraints: -- Tags MUST be limited to those allowed by the [JSON Schema ruleset](https://yaml.org/spec/1.2/spec.html#id2803231). +- Tags MUST be limited to those allowed by [YAML's JSON schema ruleset](https://yaml.org/spec/1.2/spec.html#id2803231), which defines a subset of the YAML syntax and is unrelated to [JSON Schema](https://tools.ietf.org/html/draft-wright-json-schema-00). - Keys used in YAML maps MUST be limited to a scalar string, as defined by the [YAML Failsafe schema ruleset](https://yaml.org/spec/1.2/spec.html#id2802346). **Note:** While APIs may be defined by OpenAPI documents in either YAML or JSON format, the API request and response bodies and other content are not required to be JSON or YAML. From d39dc03914da838a2940c129e64980a3bde38be1 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Sun, 9 Jun 2024 10:16:49 -0700 Subject: [PATCH 092/251] Add Security Considerations (3.0.4) This adds the previously standalone security considerations document as a top-level section just before the appendices. --- versions/3.0.4.md | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index c875adebe0..667d7e7500 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -3517,6 +3517,32 @@ Two examples of this: 1. The [Paths Object](#pathsObject) MAY be empty. It may be counterintuitive, but this may tell the viewer that they got to the right place, but can't access any documentation. They'd still have access to the [Info Object](#infoObject) which may contain additional information regarding authentication. 2. The [Path Item Object](#pathItemObject) MAY be empty. In this case, the viewer will be aware that the path exists, but will not be able to see any of its operations or parameters. This is different from hiding the path itself from the [Paths Object](#pathsObject), because the user will be aware of its existence. This allows the documentation provider to finely control what the viewer can see. +## Security Considerations + +### OpenAPI Document Formats + +OpenAPI documents use JSON, YAML, and JSON Schema, and therefore share their security considerations: +- [JSON](https://www.iana.org/assignments/media-types/application/json) +- [YAML](https://www.iana.org/assignments/media-types/application/yaml) +- [JSON Schema Core](https://json-schema.org/draft/2020-12/json-schema-core#section-13) +- [JSON Schema Validation](https://json-schema.org/draft/2020-12/json-schema-validation#name-security-considerations) + +### Tooling and Usage Scenarios + +In addition, OpenAPI documents are processed by a wide variety of tooling for numerous different purposes, such as client code generation, documentation generation, server side routing, and API testing. OpenAPI document authors must consider the risks of the scenarios where the OpenAPI document may be used. + +### Security Schemes + +An OpenAPI document describes the security schemes used to protect the resources it defines. The security schemes available offer varying degrees of protection. Factors such as the sensitivity of the data and the potential impact of a security breach should guide the selection of security schemes for the API resources. Some security schemes, such as basic auth and OAuth Implicit flow, are supported for compatibility with existing APIs. However, their inclusion in OpenAPI does not constitute an endorsement of their use, particularly for highly sensitive data or operations. + +### Handling External Resources + +OpenAPI documents may contain references to external resources that may be dereferenced automatically by consuming tools. External resources may be hosted on different domains that may be untrusted. References in an OpenAPI document, or across OpenAPI documents may cause a cycle. Tooling must detect and handle cycles to prevent resource exhaustion. + +### Markdown and HTML Sanitization + +Certain properties allow the use of Markdown which can contain HTML including script. It is the responsibility of tooling to appropriately sanitize the Markdown. + ## Appendix A: Revision History Version | Date | Notes From d3e02386ac195d706ce575c23c6e893506e71291 Mon Sep 17 00:00:00 2001 From: Henry Andrews Date: Sun, 9 Jun 2024 15:02:59 -0700 Subject: [PATCH 093/251] Consolidate guidance around examples (3.0.4) (#3893) * Consolidate guidance around examples The three (four in 3.1) ways of specifying parameter or media type examples are confusing. There is a lot of guidance that is repeated, making it harder to see the essentials. Some of that guidance is also contradictory, with most saying that the examples SHOULD match various conditions, but one saying that they MUST. Research shows that SHOULD was repeatedly advocated, and instances of MUST corrected back to SHOULD, except for one final commit where MUST was introduced, and the subsequent commit to revert to SHOULD seems to have simply missed one instance. So this change takes the position that the MUST was an error and weakens it to SHOULD to match the other four or five places where the requirement was specified. * Fix typo in examples changes --- versions/3.0.4.md | 113 ++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 105 insertions(+), 8 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index c875adebe0..38ffc18d9f 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1066,7 +1066,8 @@ Field Name | Type | Description ###### Fixed Fields for use with `schema` For simpler scenarios, a [`schema`](#parameterSchema) and [`style`](#parameterStyle) can describe the structure and syntax of the parameter. -When `example` or `examples` are provided in conjunction with the `schema` object, the example MUST follow the prescribed serialization strategy for the parameter. +When `example` or `examples` are provided in conjunction with the `schema` object, the example SHOULD match the specified schema and follow the prescribed serialization strategy for the parameter. +The `example` and `examples` fields are mutually exclusive, and if either is present it SHALL _override_ any `example` in the schema. Field Name | Type | Description ---|:---:|--- @@ -1074,8 +1075,8 @@ Field Name | Type | Description explode | `boolean` | When this is true, parameter values of type `array` or `object` generate separate parameters for each value of the array or key-value pair of the map. For other types of parameters this property has no effect. When [`style`](#parameterStyle) is `form`, the default value is `true`. For all other styles, the default value is `false`. allowReserved | `boolean` | Determines whether the parameter value SHOULD allow reserved characters, as defined by [RFC3986](https://tools.ietf.org/html/rfc3986#section-2.2) `:/?#[]@!$&'()*+,;=` to be included without percent-encoding. This property only applies to parameters with an `in` value of `query`. The default value is `false`. schema | [Schema Object](#schemaObject) \| [Reference Object](#referenceObject) | The schema defining the type used for the parameter. -example | Any | Example of the parameter's potential value. The example SHOULD match the specified schema and encoding properties if present. The `example` field is mutually exclusive of the `examples` field. Furthermore, if referencing a `schema` that contains an example, the `example` value SHALL _override_ the example provided by the schema. To represent examples of media types that cannot naturally be represented in JSON or YAML, a string value can contain the example with escaping where necessary. -examples | Map[ `string`, [Example Object](#exampleObject) \| [Reference Object](#referenceObject)] | Examples of the parameter's potential value. Each example SHOULD contain a value in the correct format as specified in the parameter encoding. The `examples` field is mutually exclusive of the `example` field. Furthermore, if referencing a `schema` that contains an example, the `examples` value SHALL _override_ the example provided by the schema. +example | Any | Example of the parameter's potential value; see [Working With Examples](#working-with-examples). +examples | Map[ `string`, [Example Object](#exampleObject) \| [Reference Object](#referenceObject)] | Examples of the parameter's potential value; see [Working With Examples](#working-with-examples). ###### Fixed Fields and considerations for use with `content` @@ -1409,12 +1410,16 @@ content: #### Media Type Object Each Media Type Object provides schema and examples for the media type identified by its key. +When `example` or `examples` are provided, the example SHOULD match the specified schema and be in the correct format as specified by the media type and its encoding. +The `example` and `examples` fields are mutually exclusive, and if either is present it SHALL _override_ any `example` in the schema. +See [Working With Examples](#working-with-examples) for further guidance regarding the different ways of specifying examples, including non-JSON/YAML values. + ##### Fixed Fields Field Name | Type | Description ---|:---:|--- schema | [Schema Object](#schemaObject) \| [Reference Object](#referenceObject) | The schema defining the content of the request, response, or parameter. -example | Any | Example of the media type. The example object SHOULD be in the correct format as specified by the media type. The `example` field is mutually exclusive of the `examples` field. Furthermore, if referencing a `schema` which contains an example, the `example` value SHALL _override_ the example provided by the schema. -examples | Map[ `string`, [Example Object](#exampleObject) \| [Reference Object](#referenceObject)] | Examples of the media type. Each example object SHOULD match the media type and specified schema if present. The `examples` field is mutually exclusive of the `example` field. Furthermore, if referencing a `schema` which contains an example, the `examples` value SHALL _override_ the example provided by the schema. +example | Any | Example of the media type; see [Working With Examples](#working-with-examples). +examples | Map[ `string`, [Example Object](#exampleObject) \| [Reference Object](#referenceObject)] | Examples of the media type; see [Working With Examples](#working-with-examples). encoding | Map[`string`, [Encoding Object](#encodingObject)] | A map between a property name and its encoding information. The key, being the property name, MUST exist in the schema as a property. The encoding attribute SHALL only apply to [Request Body Objects](#requestBodyObject), and only when the media type is `multipart` or `application/x-www-form-urlencoded`. If no Encoding Object is provided for a property, the behavior is determined by the default values documented for the Encoding Object. This object MAY be extended with [Specification Extensions](#specificationExtensions). @@ -1999,9 +2004,27 @@ Field Name | Type | Description This object MAY be extended with [Specification Extensions](#specificationExtensions). -In all cases, the example value is expected to be compatible with the type schema -of its associated value. Tooling implementations MAY choose to -validate compatibility automatically, and reject the example value(s) if incompatible. +In all cases, the example value SHOULD be compatible with the schema of its associated value. +Tooling implementations MAY choose to validate compatibility automatically, and reject the example value(s) if incompatible. + +#### Working With Examples + +Example Objects can be used in both [Parameter Objects](#parameterObject) and [Media Type Objects](#mediaTypeObject). +In both Objects, this is done through the `examples` (plural) field. +However, there are two other ways to provide examples: The `example` (singular) field that is mutually exclusive with `examples` in both Objects, and the `example` (singular) field in the [Schema Object](#schemaObject) that appears in the `schema` field of both Objects. +Each of these fields has slightly different considerations. + +The Schema Object's `example` field is used to show example values without regard to how they might be formatted as parameters or within media type representations. + +The mutually exclusive fields in the Parameter or Media Type Objects are used to show example values which SHOULD both match the schema and be formatted as they would appear as a serialized parameter or within a media type representation. +The exact serialization and encoding is determined by various fields in the Parameter Object, or in the Media Type Object's [Encoding Object](#encodingObject). +Because examples using these fields represent the final serialized form of the data, they SHALL _override_ any `example` in the corresponding Schema Object. + +The singular `example` field in the Parameter or Media Type object is concise and convenient for simple examples, but does not offer any other advantages over using Example Objects under `examples`. + +Some examples cannot be represented directly in JSON or YAML. +For all three ways of providing examples, these can be shown as string values with any escaping necessary to make the string valid in the JSON or YAML format of the OpenAPI Description document. +With the Example Object, such values can alternatively be handled through the `externalValue` field. ##### Example Object Examples @@ -2061,6 +2084,80 @@ responses: $ref: '#/components/examples/confirmation-success' ``` +Two different uses of JSON strings: + +First, a request or response body that is just a JSON string (not an object containing a string): + +```json +"application/json": { + "schema": { + "type": "string" + }, + "examples": { + "jsonBody": { + "description": "A body of just the JSON string \"json\"", + "value": "json" + } + } +} +``` + +```yaml +application/json: + schema: + type: string + examples: + jsonBody: + description: 'A body of just the JSON string "json"' + value: json +``` + +In the above example, we can just show the JSON string (or any JSON value) as-is, rather than stuffing a serialized JSON value into a JSON string, which would have looked like `"\"json\""`. + + +In contrast, a JSON string encoded inside of a URL-style form body: + +```json +"application/x-www-form-urlencoded": { + "schema": { + "type": "object", + "properties": { + "jsonValue": { + "type": "string" + } + } + }, + "encoding": { + "jsonValue": { + "contentType": "application/json" + } + }, + "examples": { + "jsonFormValue": { + "description": "The JSON string \"json\" as a form value", + "value": "jsonValue=%22json%22" + } + } +} +``` + +```yaml +application/x-www-form-urlencoded: + schema: + type: object + properties: + jsonValue: + type: string + encoding: + jsonValue: + contentType: application/json + examples: + jsonFormValue: + description: 'The JSON string "json" as a form value' + value: jsonValue=%22json%22 +``` + +In this example, the JSON string had to be serialized before encoding it into the URL form value, so the example includes the quotation marks that are part of the JSON serialization, which are then URL percent-encoded. #### Link Object From d412bf8e502ff1ed0ed49475c24da711664a2835 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Mon, 10 Jun 2024 10:00:49 -0700 Subject: [PATCH 094/251] Stub out all appendix headers (3.0.4) So that additional PRs can avoid merge conflicts. --- versions/3.0.4.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 4598495e6b..dc61a1a941 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -3698,6 +3698,8 @@ Version | Date | Notes 1.1 | 2012-08-22 | Release of Swagger 1.1 1.0 | 2011-08-10 | First release of the Swagger Specification +## Appendix B: Data Type Conversion + ## Appendix C: Using RFC6570 Implementations Serialization is defined in terms of RFC6570 URI Templates in two scenarios: From deebfd06403195b449ec90e5b02e7a05f26f2bd6 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Wed, 22 May 2024 15:24:19 -0700 Subject: [PATCH 095/251] Appendix on converting data types to strings (3.0.4) It's very unclear how numbers, booleans, and other non-UTF-8-string values are converted to strings, particularly for the form media types. This adds a brief appendix that acknowledges the lack of standardization, and points to resources for the few cases that do have specifications. It highlights concerns with relying on certain JSON Schema keywords or values for serialization, and suggests defining schemas of type string and requiring applications to perform the conversion prior to schema validation as a way to control the results. This also clarifies that schema validation occurs before serialization. --- versions/3.0.4.md | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index dc61a1a941..f667d093c2 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1049,6 +1049,7 @@ There are four possible parameter locations specified by the `in` field: The rules for serialization of the parameter are specified in one of two ways. Parameter Objects MUST include either a `content` field or a `schema` field, but not both. +See [Appendix B](#dataTypeConversion) for a discussion of converting values of various types to string representations. ###### Common Fixed Fields @@ -1618,6 +1619,7 @@ An `encoding` attribute is introduced to give you control over the serialization #### Encoding Object A single encoding definition applied to a single schema property. +See [Appendix B](#dataTypeConversion) for a discussion of converting values of various types to string representations. ##### Fixed Fields Field Name | Type | Description @@ -3700,6 +3702,29 @@ Version | Date | Notes ## Appendix B: Data Type Conversion +Serializing typed data to plain text, which can occur in `text/plain` message bodies or `multipart` parts, as well as in the `application/x-www-form-urlencoded` format in either URL query strings or message bodies, involves significant implementation- or application-defined behavior. + +Schema Objects validate data based on the [JSON Schema data model](https://datatracker.ietf.org/doc/html/draft-bhutton-json-schema-00#section-4.2.1), which only recognizes four primitive data types: strings (which are UTF-8 except in [extremely limited circumstances](https://datatracker.ietf.org/doc/html/rfc8259#section-8.1)), numbers, booleans, and `null`. +Notably, integers are not a distinct type from other numbers, with `type: integer` being a convenience defined mathematically, rather than based on the presence or absence of a decimal point in any string representation. + +The Parameter and Encoding Objects offer features to control how to arrange values from array or object types. +They can also be used to control how strings are further encoded to avoid reserved or illegal characters. +However, there is no general-purpose specification for converting schema-validated non-UTF-8 primitive data types (or entire arrays or objects) to strings. + +Two cases do offer standards-based guidance: + +* [RFC3987 §3.1](https://datatracker.ietf.org/doc/html/rfc3987#section-3.1) provides guidance for converting non-Unicode strings to UTF-8, particularly in the context of URIs (and by extension, the form media types which use the same encoding rules) +* [RFC6570 §2.3](https://www.rfc-editor.org/rfc/rfc6570#section-2.3) specifies which values, including but not limited to `null`, are considered _undefined_ and therefore treated specially in the expansion process when serializing based on that specification + +To control the serialization of numbers, booleans, and `null` (or other values RFC6570 deems to be undefined) more precisely, schemas can be defined as `type: string` and constrained using `pattern`, `enum`, `format`, and other keywords to communicated how applications must pre-convert their data prior to schema validation. +The resulting strings would not require any further type conversion. + +The `format` keyword can assist in serialization. +Some formats (such as `date-time` or `byte`) are unambiguous, while others (such as [`decimal`](https://spec.openapis.org/registry/format/decimal.html) in the [Format Registry](https://spec.openapis.org/registry/format/)) are less clear. +However, care must be taken with `format` to ensure that the specific formats are supported by all relevant tools as unrecognized formats are ignored. + +Requiring input as pre-formatted, schema-validated strings also improves round-trip interoperability as not all programming languages and environments support the same data types. + ## Appendix C: Using RFC6570 Implementations Serialization is defined in terms of RFC6570 URI Templates in two scenarios: From b6e72042052889b16ed38a48a3c4f2859ee97dc4 Mon Sep 17 00:00:00 2001 From: Henry Andrews Date: Thu, 23 May 2024 07:33:14 -0700 Subject: [PATCH 096/251] Make Object names links (review feedback) Co-authored-by: Ralf Handl --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index f667d093c2..1c545797aa 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -3707,7 +3707,7 @@ Serializing typed data to plain text, which can occur in `text/plain` message bo Schema Objects validate data based on the [JSON Schema data model](https://datatracker.ietf.org/doc/html/draft-bhutton-json-schema-00#section-4.2.1), which only recognizes four primitive data types: strings (which are UTF-8 except in [extremely limited circumstances](https://datatracker.ietf.org/doc/html/rfc8259#section-8.1)), numbers, booleans, and `null`. Notably, integers are not a distinct type from other numbers, with `type: integer` being a convenience defined mathematically, rather than based on the presence or absence of a decimal point in any string representation. -The Parameter and Encoding Objects offer features to control how to arrange values from array or object types. +The [Parameter Object](#parameterObject) and [Encoding Object](#encodingObject) offer features to control how to arrange values from array or object types. They can also be used to control how strings are further encoded to avoid reserved or illegal characters. However, there is no general-purpose specification for converting schema-validated non-UTF-8 primitive data types (or entire arrays or objects) to strings. From 1b6c4262e90dd8ec5d925ffe4a2cf51599a6d4aa Mon Sep 17 00:00:00 2001 From: Henry Andrews Date: Thu, 23 May 2024 07:33:44 -0700 Subject: [PATCH 097/251] Grammatical typo (review feedback) Co-authored-by: Ralf Handl --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 1c545797aa..6b4d526901 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -3716,7 +3716,7 @@ Two cases do offer standards-based guidance: * [RFC3987 §3.1](https://datatracker.ietf.org/doc/html/rfc3987#section-3.1) provides guidance for converting non-Unicode strings to UTF-8, particularly in the context of URIs (and by extension, the form media types which use the same encoding rules) * [RFC6570 §2.3](https://www.rfc-editor.org/rfc/rfc6570#section-2.3) specifies which values, including but not limited to `null`, are considered _undefined_ and therefore treated specially in the expansion process when serializing based on that specification -To control the serialization of numbers, booleans, and `null` (or other values RFC6570 deems to be undefined) more precisely, schemas can be defined as `type: string` and constrained using `pattern`, `enum`, `format`, and other keywords to communicated how applications must pre-convert their data prior to schema validation. +To control the serialization of numbers, booleans, and `null` (or other values RFC6570 deems to be undefined) more precisely, schemas can be defined as `type: string` and constrained using `pattern`, `enum`, `format`, and other keywords to communicate how applications must pre-convert their data prior to schema validation. The resulting strings would not require any further type conversion. The `format` keyword can assist in serialization. From 1cf5b0b199b644fa3bcfbf3bea5bad9083b51f8f Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Thu, 23 May 2024 12:06:56 -0700 Subject: [PATCH 098/251] Use correct versions of JSON Schema and JSON specs JSON Schema was accidentally the draft for 3.1, while this spec uses the older 7159 for JSON instead of 8259, so I have matched that rather than change it or cite both. --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 6b4d526901..2e2be7050b 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -3704,7 +3704,7 @@ Version | Date | Notes Serializing typed data to plain text, which can occur in `text/plain` message bodies or `multipart` parts, as well as in the `application/x-www-form-urlencoded` format in either URL query strings or message bodies, involves significant implementation- or application-defined behavior. -Schema Objects validate data based on the [JSON Schema data model](https://datatracker.ietf.org/doc/html/draft-bhutton-json-schema-00#section-4.2.1), which only recognizes four primitive data types: strings (which are UTF-8 except in [extremely limited circumstances](https://datatracker.ietf.org/doc/html/rfc8259#section-8.1)), numbers, booleans, and `null`. +Schema Objects validate data based on the [JSON Schema data model](https://datatracker.ietf.org/doc/html/draft-wright-json-schema-00#section-4.2), which only recognizes four primitive data types: strings (which are [only broadly interoperable as UTF-8](https://datatracker.ietf.org/doc/html/rfc7159#section-8.1)), numbers, booleans, and `null`. Notably, integers are not a distinct type from other numbers, with `type: integer` being a convenience defined mathematically, rather than based on the presence or absence of a decimal point in any string representation. The [Parameter Object](#parameterObject) and [Encoding Object](#encodingObject) offer features to control how to arrange values from array or object types. From aacbbc942e9b233f6aec658abaa7ad8bf3783b68 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Fri, 24 May 2024 17:13:43 -0700 Subject: [PATCH 099/251] Add note about RFC6570 type conversions The spec doesn't address it, but implementations often have their own rules. --- versions/3.0.4.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 2e2be7050b..5beacd3522 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -3716,6 +3716,9 @@ Two cases do offer standards-based guidance: * [RFC3987 §3.1](https://datatracker.ietf.org/doc/html/rfc3987#section-3.1) provides guidance for converting non-Unicode strings to UTF-8, particularly in the context of URIs (and by extension, the form media types which use the same encoding rules) * [RFC6570 §2.3](https://www.rfc-editor.org/rfc/rfc6570#section-2.3) specifies which values, including but not limited to `null`, are considered _undefined_ and therefore treated specially in the expansion process when serializing based on that specification +Implementations of RFC6570 often have their own conventions for converting non-string values, but these are implementation-specific and not defined by the RFC itself. +This is one reason for the OpenAPI Specification to leave these conversions as implementation-defined: It allows using RFC6570 implementations regardless of how they choose to perform the conversions. + To control the serialization of numbers, booleans, and `null` (or other values RFC6570 deems to be undefined) more precisely, schemas can be defined as `type: string` and constrained using `pattern`, `enum`, `format`, and other keywords to communicate how applications must pre-convert their data prior to schema validation. The resulting strings would not require any further type conversion. From cd74c9dcdde2a02ec4662e72f17f39c3c97b04e9 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Wed, 22 May 2024 17:38:57 -0700 Subject: [PATCH 100/251] Warnings for header and cookie serialization (3.0.4) This makes serializing cookie paramters and most header parameters with `schema` and `style` NOT RECOMMENDED. It is not clear that any `schema`-based serialization for cookies will produce a correct value (although the reason is sufficiently obscure that many implementations might ignore it and produce cookie-compliant output anyway). With headers, there are numerous pitfalls and only the simplest scenarios will work properly, although perhaps the warning here could be reworded to emphasize the safe scenarios more clearly. The details are relegated to an appendix, because truly, most people will not want to know. But recommending against syntactically legal configurations really does need to be explained in the spec. Also, don't use - in: header name: Cookie Because... yeah. --- versions/3.0.4.md | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index dc61a1a941..4823a532ce 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1044,7 +1044,6 @@ There are four possible parameter locations specified by the `in` field: * header - Custom headers that are expected as part of the request. Note that [RFC7230](https://tools.ietf.org/html/rfc7230#page-22) states header names are case insensitive. * cookie - Used to pass a specific cookie value to the API. - ##### Fixed Fields The rules for serialization of the parameter are specified in one of two ways. @@ -1063,12 +1062,16 @@ Field Name | Type | Description deprecated | `boolean` | Specifies that a parameter is deprecated and SHOULD be transitioned out of usage. Default value is `false`. allowEmptyValue | `boolean` | If `true`, clients MAY pass a zero-length string value in place of parameters that would otherwise be omitted entirely, which the server SHOULD interpret as the parameter being unused. Default value is `false`. If [`style`](#parameterStyle) is used, and if behavior is `n/a` (cannot be serialized), the value of `allowEmptyValue` SHALL be ignored. Interactions between this field and the parameter's [Schema Object](#schemaObject) are implementation-defined. This field is valid only for `query` parameters. Use of this property is NOT RECOMMENDED, and it is likely to be removed in a later revision. +Note that while `"Cookie"` as a `name` is not forbidden with `in: header`, the effect of defining a cookie parameter that way is undefined; use `in: cookie` instead. + ###### Fixed Fields for use with `schema` For simpler scenarios, a [`schema`](#parameterSchema) and [`style`](#parameterStyle) can describe the structure and syntax of the parameter. When `example` or `examples` are provided in conjunction with the `schema` object, the example SHOULD match the specified schema and follow the prescribed serialization strategy for the parameter. The `example` and `examples` fields are mutually exclusive, and if either is present it SHALL _override_ any `example` in the schema. +Serializing with `schema` is NOT RECOMMENDED for `in: cookie` parameters, `in: header` paramters that use HTTP header parameters (name=value pairs following a `;`) in their values, or `in: header` parameters where values might have non-URL-safe characters; see [Appendix D](#serializingHeadersAndCookies) for details. + Field Name | Type | Description ---|:---:|--- style | `string` | Describes how the parameter value will be serialized depending on the type of the parameter value. Default values (based on value of `in`): for `query` - `form`; for `path` - `simple`; for `header` - `simple`; for `cookie` - `form`. @@ -1080,14 +1083,16 @@ Field Name | Type | Description See also [Appendix C: Using RFC6570 Implementations](#usingRFC6570Implementations) for additional guidance. -###### Fixed Fields and considerations for use with `content` +###### Fixed Fields for use with `content` For more complex scenarios, the [`content`](#parameterContent) property can define the media type and schema of the parameter, as well as give examples of its use. +Using `content` with a `text/plain` media type is RECOMMENDED for `in: header` and `in: cookie` parameters where the `schema` strategy is not appropriate. Field Name | Type | Description ---|:---:|--- content | Map[`string`, [Media Type Object](#mediaTypeObject)] | A map containing the representations for the parameter. The key is the media type and the value describes it. The map MUST only contain one entry. + ##### Style Values In order to support common ways of serializing simple parameters, a set of `style` values are defined. @@ -3941,4 +3946,23 @@ This will expand to the result: ## Appendix D: Serializing Headers and Cookies +RFC6570's percent-encoding behavior is not always appropriate for `in: header` and `in: cookie` parameters. +In many cases, it is more appropriate to use `content` with a media type such as `text/plain` and require the application to assemble the correct string. + +For both cookies ([RFC6265](https://www.rfc-editor.org/rfc/rfc6265)) and HTTP headers using the structured fields ([RFC8941](https://www.rfc-editor.org/rfc/rfc8941)) syntax, non-ASCII content is handled using base64 encoding (`format: byte`). +Note that the standard base64 encoding alphabet includes non-URL-safe characters that are percent-encoded by RFC6570 expansion; serializing values through both encodings is NOT RECOMMENDED. + +Most HTTP headers predate the structured field syntax, and a comprehensive assessment of their syntax and encoding rules is well beyond the scope of this specification. +While [RFC8187](https://www.rfc-editor.org/rfc/rfc8187) recommends percent-encoding HTTP field (header or trailer) parameters, these parameters appear after a `;` character. +With `style: simple`, that delimiter would itself be percent-encoded, violating the general HTTP field syntax. + +Using `style: form` with `in: cookie` is ambiguous for a single value, and incorrect for multiple values. +This is true whether the multiple values are the result of using `explode: true` or not. + +This style is specified to be equivalent to RFC6570 form expansion which includes the `?` character (see Appendix C for more details), which is not part of the cookie syntax. +However, examples of this style in past versions of this specification have not included the `?` prefix, suggesting that the comparison is not exact. +Because implementations that rely on an RFC6570 implementation and those that perform custom serialization based on the style example will produce different results, it is implementation-defined as to which of the two results is correct. + +For multiple values, `style: form` is always incorrect as name=value pairs in cookies are delimited by `; ` (a semicolon followed by a space character) rather than `&`. + ## Appendix E: Percent-Encoding and Form Media Types From 96805ff40e39cda2c64f410493743ce0d453c0aa Mon Sep 17 00:00:00 2001 From: Henry Andrews Date: Thu, 23 May 2024 07:31:11 -0700 Subject: [PATCH 101/251] Fix spelling (review feedback) Co-authored-by: Ralf Handl --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 4823a532ce..e13af22b59 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1070,7 +1070,7 @@ For simpler scenarios, a [`schema`](#parameterSchema) and [`style`](#parameterSt When `example` or `examples` are provided in conjunction with the `schema` object, the example SHOULD match the specified schema and follow the prescribed serialization strategy for the parameter. The `example` and `examples` fields are mutually exclusive, and if either is present it SHALL _override_ any `example` in the schema. -Serializing with `schema` is NOT RECOMMENDED for `in: cookie` parameters, `in: header` paramters that use HTTP header parameters (name=value pairs following a `;`) in their values, or `in: header` parameters where values might have non-URL-safe characters; see [Appendix D](#serializingHeadersAndCookies) for details. +Serializing with `schema` is NOT RECOMMENDED for `in: cookie` parameters, `in: header` parameters that use HTTP header parameters (name=value pairs following a `;`) in their values, or `in: header` parameters where values might have non-URL-safe characters; see [Appendix D](#serializingHeadersAndCookies) for details. Field Name | Type | Description ---|:---:|--- From dc41f765089bb37d815f5fd81693ac50182f02f0 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Sat, 25 May 2024 15:26:11 -0700 Subject: [PATCH 102/251] Encoding Object content and header clarifications MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The Encoding Object's `contentType` field takes a comma-separated list of either regular or wildcared media types. These are the "two types" mentioned in the previous wording – "two" here did *not* refer to a limit on the number of entries in the list. These are not exactly media-type or media-range values, as both of those include parameters. This change also moves the hard-to-follow list of default values out of the individual field cell and into its own table. It takes `Content-Disposition` out of the header field's cell and instead explains limitations on header usage, and explains how `Content-Disposition` is used for encoding. This explanation includes a suggestion on how other `multipart` formats could be used with an Encoding Object, since their unnamed parts otherwise cannot be supported. Finally, it clarifies the interaction between `contentType` and the three fields imported from the Parameter Object, by aligning the recommended (but not, for compatibility reasons, required) behavior with guidance added in 3.1.0. --- versions/3.0.4.md | 38 ++++++++++++++++++++++++++++++++++++-- 1 file changed, 36 insertions(+), 2 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index f5bb2c3969..85df8bd8f3 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1649,16 +1649,50 @@ See [Appendix B](#dataTypeConversion) for a discussion of converting values of v ##### Fixed Fields Field Name | Type | Description ---|:---:|--- -contentType | `string` | The Content-Type for encoding a specific property. Default value depends on the property type: for `string` with `format` being `binary` – `application/octet-stream`; for other primitive types – `text/plain`; for `object` - `application/json`; for `array` – the default is defined based on the inner type. The value can be a specific media type (e.g. `application/json`), a wildcard media type (e.g. `image/*`), or a comma-separated list of the two types. -headers | Map[`string`, [Header Object](#headerObject) \| [Reference Object](#referenceObject)] | A map allowing additional information to be provided as headers, for example `Content-Disposition`. `Content-Type` is described separately and SHALL be ignored in this section. This property SHALL be ignored if the request body media type is not a `multipart`. +contentType | `string` | The `Content-Type` for encoding a specific property. The value is a comma-separated list, each element of which is either a specific media type (e.g. .`image/png`) or a wildcard media type (e.g. `image/*`). Default value depends on the property type as shown in the table below. +headers | Map[`string`, [Header Object](#headerObject) \| [Reference Object](#referenceObject)] | A map allowing additional information to be provided as headers. `Content-Type` is described separately and SHALL be ignored in this section. This property SHALL be ignored if the request body media type is not a `multipart`. style | `string` | Describes how a specific property value will be serialized depending on its type. See [Parameter Object](#parameterObject) for details on the [`style`](#parameterStyle) property. The behavior follows the same values as `query` parameters, including default values. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. explode | `boolean` | When this is true, property values of type `array` or `object` generate separate parameters for each value of the array, or key-value-pair of the map. For other types of properties this property has no effect. When [`style`](#encodingStyle) is `form`, the default value is `true`. For all other styles, the default value is `false`. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#autoid-20), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#autoid-13), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#autoid-24) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#usingRFC6570Implementations) and [E](#percentEncodingAndFormMediaTypes) for details. This property only applies to parameters with an `in` value of `query`. The default value is `false`. This object MAY be extended with [Specification Extensions](#specificationExtensions). +The default values for `contentType` are as follows: + +Property Type | Property Format | Default `contentType` +------------- | --------------- | --------------------- +`string` | `binary` | `application/octet-stream` +`string`, `number`, `integer`, or `boolean` | _n/a_ | `text/plain` +`object` | _n/a_ | `application/json` +`array` | _n/a_ | according to the `type` and `format` of the `items` schema + See also [Appendix C: Using RFC6570 Implementations](#usingRFC6570Implementations) for additional guidance. +###### Encoding `multipart` Media Types + +Properties are correlated with `multipart` parts using the `name` parameter to `Content-Disposition: form-data`, and their order is implementation-defined. + +This disposition and its `name` parameter are mandatory for `multipart/form-data` ([RFC7578 §4.2](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.2)). +Array properties are handled by applying the same `name` to multiple parts, as is recommended by [RFC7578 §4.2](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.3) for supplying multiple values per form field. +See [RFC7578 §5](https://www.rfc-editor.org/rfc/rfc7578.html#section-5) for guidance regarding non-ASCII part names. + +Various other `multipart` types, most notable `multipart/mixed` ([RFC2046 §5.1.3](https://www.rfc-editor.org/rfc/rfc2046.html#section-5.1.3)) neither require nor forbid specific `Content-Disposition` values, which means care must be taken to ensure that any values used are supported by all relevant software. +It is not currently possible to correlate schema properties with unnamed, ordered parts in media types such as `multipart/mixed`, but implementations MAY choose to support such types when `Content-Disposition: form-data` is used with a `name` parameter. + +Note that there are significant restrictions on what headers can be used with `multipart` media types in general ([RFC2046 §5.1](https://www.rfc-editor.org/rfc/rfc2046.html#section-5.1)) and `multi-part/form-data` in particular ([RFC7578 §4.8](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.8)). + +Note also that `Content-Transfer-Encoding` is deprecated for `multipart/form-data` ([RFC7578 §4.7](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.7)) where binary data is supported, as it is in HTTP. +Using `format: byte` for a multipart field is equivalent to setting `Content-Transfer-Encoding: base64`. +If `format: byte` is used along with setting a different `Content-Transfer-Encoding` value with the `headers` field, the result is undefined. + +###### Encoding the `application/x-www-form-urlencoded` Media Type + +The role of `contentType` with `application/x-www-form-urlencoded` request bodies was not described in detail in version 3.0.3 and earlier of this specification. +To match the intent of these fields and be compatible with version 3.1 of this specification, it is RECOMMENDED that whenever any of `style`, `explode`, or `allowReserved` are present with an explicit values, that the value of `contentType`, whether it is explicitly defined or has the default value, be ignored. +Likewise, if all three of those fields are absent, it is RECOMMENDED that they be ignored, and that encoding be based on `contentType` alone. + +This makes the presence of at least one of `style`, `explode`, or `allowReserved` with an explicit value equivalent to using `schema` with `in: query` Parameter Objects, and their absence the equivalent of using `content`, but with the media type specified in `contentType` rather than through a Media Type Object. + ##### Encoding Object Example `multipart/form-data` allows for binary parts: From 63269931aceea9c7b75a1a3ec048c2d2ee3a0073 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Sat, 25 May 2024 15:41:18 -0700 Subject: [PATCH 103/251] More detail on correlating properties --- versions/3.0.4.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 85df8bd8f3..32519b0cfc 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1646,6 +1646,9 @@ An `encoding` attribute is introduced to give you control over the serialization A single encoding definition applied to a single schema property. See [Appendix B](#dataTypeConversion) for a discussion of converting values of various types to string representations. +Properties are correlated with `multipart` parts using the `name` parameter to `Content-Disposition: form-data`, and with `application/x-www-form-urlencoded` using the query string paramter names. +In both cases, their order is implementation-defined. + ##### Fixed Fields Field Name | Type | Description ---|:---:|--- @@ -1670,9 +1673,7 @@ See also [Appendix C: Using RFC6570 Implementations](#usingRFC6570Implementation ###### Encoding `multipart` Media Types -Properties are correlated with `multipart` parts using the `name` parameter to `Content-Disposition: form-data`, and their order is implementation-defined. - -This disposition and its `name` parameter are mandatory for `multipart/form-data` ([RFC7578 §4.2](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.2)). +The `form-data` disposition and its `name` parameter are mandatory for `multipart/form-data` ([RFC7578 §4.2](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.2)). Array properties are handled by applying the same `name` to multiple parts, as is recommended by [RFC7578 §4.2](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.3) for supplying multiple values per form field. See [RFC7578 §5](https://www.rfc-editor.org/rfc/rfc7578.html#section-5) for guidance regarding non-ASCII part names. From ed0367358e7af41b348371a0c26edd3303837f7e Mon Sep 17 00:00:00 2001 From: Henry Andrews Date: Tue, 28 May 2024 07:02:28 -0700 Subject: [PATCH 104/251] Fix typo (review feedback) Co-authored-by: Ralf Handl --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 32519b0cfc..b482f4f1b6 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1652,7 +1652,7 @@ In both cases, their order is implementation-defined. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- -contentType | `string` | The `Content-Type` for encoding a specific property. The value is a comma-separated list, each element of which is either a specific media type (e.g. .`image/png`) or a wildcard media type (e.g. `image/*`). Default value depends on the property type as shown in the table below. +contentType | `string` | The `Content-Type` for encoding a specific property. The value is a comma-separated list, each element of which is either a specific media type (e.g. `image/png`) or a wildcard media type (e.g. `image/*`). Default value depends on the property type as shown in the table below. headers | Map[`string`, [Header Object](#headerObject) \| [Reference Object](#referenceObject)] | A map allowing additional information to be provided as headers. `Content-Type` is described separately and SHALL be ignored in this section. This property SHALL be ignored if the request body media type is not a `multipart`. style | `string` | Describes how a specific property value will be serialized depending on its type. See [Parameter Object](#parameterObject) for details on the [`style`](#parameterStyle) property. The behavior follows the same values as `query` parameters, including default values. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. explode | `boolean` | When this is true, property values of type `array` or `object` generate separate parameters for each value of the array, or key-value-pair of the map. For other types of properties this property has no effect. When [`style`](#encodingStyle) is `form`, the default value is `true`. For all other styles, the default value is `false`. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. From 328998e2e59cb8b90dad8b762302368f6ad41b76 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Wed, 5 Jun 2024 11:19:01 -0700 Subject: [PATCH 105/251] Reword default handling (review feedback) Thanks to @notEthan for the comments! --- versions/3.0.4.md | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index b482f4f1b6..e02f596e7b 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1689,8 +1689,15 @@ If `format: byte` is used along with setting a different `Content-Transfer-Encod ###### Encoding the `application/x-www-form-urlencoded` Media Type The role of `contentType` with `application/x-www-form-urlencoded` request bodies was not described in detail in version 3.0.3 and earlier of this specification. -To match the intent of these fields and be compatible with version 3.1 of this specification, it is RECOMMENDED that whenever any of `style`, `explode`, or `allowReserved` are present with an explicit values, that the value of `contentType`, whether it is explicitly defined or has the default value, be ignored. -Likewise, if all three of those fields are absent, it is RECOMMENDED that they be ignored, and that encoding be based on `contentType` alone. +To match the intent of these fields and be compatible with version 3.1 of this specification, it is RECOMMENDED that whenever any of `style`, `explode`, or `allowReserved` are present with an explicit value: + +* The value of `contentType`, whether it is explicitly defined or has the default value, is to be ignored +* If any of `style`, `explode`, or `allowReserved` are _not_ present with explicit values, then they are to be treated as if they were present with their default values + +However, if all three of `style`, `explode`, and `allowReserved` fields are absent, it is RECOMMENDED that: + +* All three keywords are to be entirely ignored, rather than treated as having their default values +* Encoding is to be based on `contentType` alone, whether it is present with an explicit value or absent and treated as having its default value This makes the presence of at least one of `style`, `explode`, or `allowReserved` with an explicit value equivalent to using `schema` with `in: query` Parameter Objects, and their absence the equivalent of using `content`, but with the media type specified in `contentType` rather than through a Media Type Object. From 65c2960ab471f405c41541722cdc16d11666ad9a Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Mon, 10 Jun 2024 16:25:51 -0700 Subject: [PATCH 106/251] Split up Encoding fields like Param/Header This splits the Encoding Object's fixed fields table to make the usage more clear, and closer to how it is presented for the Parameter and Header Objects --- versions/3.0.4.md | 44 +++++++++++++++++++++++++------------------- 1 file changed, 25 insertions(+), 19 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index e02f596e7b..a829e70f6b 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1649,14 +1649,14 @@ See [Appendix B](#dataTypeConversion) for a discussion of converting values of v Properties are correlated with `multipart` parts using the `name` parameter to `Content-Disposition: form-data`, and with `application/x-www-form-urlencoded` using the query string paramter names. In both cases, their order is implementation-defined. -##### Fixed Fields +###### Common Fixed Fields + +These fields MAY be used either with or without the RFC6570-style serialization fields defined in the next section below. + Field Name | Type | Description ---|:---:|--- contentType | `string` | The `Content-Type` for encoding a specific property. The value is a comma-separated list, each element of which is either a specific media type (e.g. `image/png`) or a wildcard media type (e.g. `image/*`). Default value depends on the property type as shown in the table below. headers | Map[`string`, [Header Object](#headerObject) \| [Reference Object](#referenceObject)] | A map allowing additional information to be provided as headers. `Content-Type` is described separately and SHALL be ignored in this section. This property SHALL be ignored if the request body media type is not a `multipart`. -style | `string` | Describes how a specific property value will be serialized depending on its type. See [Parameter Object](#parameterObject) for details on the [`style`](#parameterStyle) property. The behavior follows the same values as `query` parameters, including default values. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. -explode | `boolean` | When this is true, property values of type `array` or `object` generate separate parameters for each value of the array, or key-value-pair of the map. For other types of properties this property has no effect. When [`style`](#encodingStyle) is `form`, the default value is `true`. For all other styles, the default value is `false`. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. -allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#autoid-20), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#autoid-13), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#autoid-24) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#usingRFC6570Implementations) and [E](#percentEncodingAndFormMediaTypes) for details. This property only applies to parameters with an `in` value of `query`. The default value is `false`. This object MAY be extended with [Specification Extensions](#specificationExtensions). @@ -1669,8 +1669,29 @@ Property Type | Property Format | Default `contentType` `object` | _n/a_ | `application/json` `array` | _n/a_ | according to the `type` and `format` of the `items` schema +##### Fixed Fields for RFC6570-style Serialization + +Field Name | Type | Description +---|:---:|--- +style | `string` | Describes how a specific property value will be serialized depending on its type. See [Parameter Object](#parameterObject) for details on the [`style`](#parameterStyle) property. The behavior follows the same values as `query` parameters, including default values. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. +explode | `boolean` | When this is true, property values of type `array` or `object` generate separate parameters for each value of the array, or key-value-pair of the map. For other types of properties this property has no effect. When [`style`](#encodingStyle) is `form`, the default value is `true`. For all other styles, the default value is `false`. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. +allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#autoid-20), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#autoid-13), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#autoid-24) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#usingRFC6570Implementations) and [E](#percentEncodingAndFormMediaTypes) for details. This property only applies to parameters with an `in` value of `query`. The default value is `false`. + See also [Appendix C: Using RFC6570 Implementations](#usingRFC6570Implementations) for additional guidance. +The role of `contentType` with `application/x-www-form-urlencoded` request bodies was not described in detail in version 3.0.3 and earlier of this specification. +To match the intent of these fields and be compatible with version 3.1 of this specification, it is RECOMMENDED that whenever any of `style`, `explode`, or `allowReserved` are present with an explicit value: + +* The value of `contentType`, whether it is explicitly defined or has the default value, is to be ignored +* If any of `style`, `explode`, or `allowReserved` are _not_ present with explicit values, then they are to be treated as if they were present with their default values + +However, if all three of `style`, `explode`, and `allowReserved` fields are absent, it is RECOMMENDED that: + +* All three keywords are to be entirely ignored, rather than treated as having their default values +* Encoding is to be based on `contentType` alone, whether it is present with an explicit value or absent and treated as having its default value + +This makes the presence of at least one of `style`, `explode`, or `allowReserved` with an explicit value equivalent to using `schema` with `in: query` Parameter Objects, and their absence the equivalent of using `content`, but with the media type specified in `contentType` rather than through a Media Type Object. + ###### Encoding `multipart` Media Types The `form-data` disposition and its `name` parameter are mandatory for `multipart/form-data` ([RFC7578 §4.2](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.2)). @@ -1686,21 +1707,6 @@ Note also that `Content-Transfer-Encoding` is deprecated for `multipart/form-dat Using `format: byte` for a multipart field is equivalent to setting `Content-Transfer-Encoding: base64`. If `format: byte` is used along with setting a different `Content-Transfer-Encoding` value with the `headers` field, the result is undefined. -###### Encoding the `application/x-www-form-urlencoded` Media Type - -The role of `contentType` with `application/x-www-form-urlencoded` request bodies was not described in detail in version 3.0.3 and earlier of this specification. -To match the intent of these fields and be compatible with version 3.1 of this specification, it is RECOMMENDED that whenever any of `style`, `explode`, or `allowReserved` are present with an explicit value: - -* The value of `contentType`, whether it is explicitly defined or has the default value, is to be ignored -* If any of `style`, `explode`, or `allowReserved` are _not_ present with explicit values, then they are to be treated as if they were present with their default values - -However, if all three of `style`, `explode`, and `allowReserved` fields are absent, it is RECOMMENDED that: - -* All three keywords are to be entirely ignored, rather than treated as having their default values -* Encoding is to be based on `contentType` alone, whether it is present with an explicit value or absent and treated as having its default value - -This makes the presence of at least one of `style`, `explode`, or `allowReserved` with an explicit value equivalent to using `schema` with `in: query` Parameter Objects, and their absence the equivalent of using `content`, but with the media type specified in `contentType` rather than through a Media Type Object. - ##### Encoding Object Example `multipart/form-data` allows for binary parts: From 285b3008992f81f443f0adba62e348dd1a76af54 Mon Sep 17 00:00:00 2001 From: Henry Andrews Date: Tue, 11 Jun 2024 10:04:02 -0700 Subject: [PATCH 107/251] Name the right section matching the link (review feedback) :facepalm: thanks for catching this, @ralfhandl Co-authored-by: Ralf Handl --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index a829e70f6b..072e8b5620 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1695,7 +1695,7 @@ This makes the presence of at least one of `style`, `explode`, or `allowReserved ###### Encoding `multipart` Media Types The `form-data` disposition and its `name` parameter are mandatory for `multipart/form-data` ([RFC7578 §4.2](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.2)). -Array properties are handled by applying the same `name` to multiple parts, as is recommended by [RFC7578 §4.2](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.3) for supplying multiple values per form field. +Array properties are handled by applying the same `name` to multiple parts, as is recommended by [RFC7578 §4.3](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.3) for supplying multiple values per form field. See [RFC7578 §5](https://www.rfc-editor.org/rfc/rfc7578.html#section-5) for guidance regarding non-ASCII part names. Various other `multipart` types, most notable `multipart/mixed` ([RFC2046 §5.1.3](https://www.rfc-editor.org/rfc/rfc2046.html#section-5.1.3)) neither require nor forbid specific `Content-Disposition` values, which means care must be taken to ensure that any values used are supported by all relevant software. From 6cefd7704de11ca5943dfd68295998d2f0101452 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Tue, 11 Jun 2024 11:21:09 -0700 Subject: [PATCH 108/251] Discuss null values and contentType --- versions/3.0.4.md | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 072e8b5620..0f318c78bf 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1660,15 +1660,20 @@ Field Name | Type | Description This object MAY be extended with [Specification Extensions](#specificationExtensions). -The default values for `contentType` are as follows: +The default values for `contentType` are as follows, where an _n/a_ in the `format` column means that the presence or value of `format` is irrelevant: -Property Type | Property Format | Default `contentType` +Property `type` | Property `format` | Default `contentType` ------------- | --------------- | --------------------- `string` | `binary` | `application/octet-stream` -`string`, `number`, `integer`, or `boolean` | _n/a_ | `text/plain` +`string` | _none, or any except `binary`_ | `text/plain` +`number`, `integer`, or `boolean` | _n/a_ | `text/plain` `object` | _n/a_ | `application/json` `array` | _n/a_ | according to the `type` and `format` of the `items` schema +Determining how to handle `null` values if `nullable: true` is present depends on how `null` values are being serialized. +If `null` values are entirely omitted, then the `contentType` is irrelevant. +See [Appendix B](#dataTypeConversion) for a discussion of data type conversion options. + ##### Fixed Fields for RFC6570-style Serialization Field Name | Type | Description From b48c1212052675a9d8615cf9a52f3572d10fbaa0 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Sat, 25 May 2024 15:50:29 -0700 Subject: [PATCH 109/251] Appendix for percent-encoding concerns (3.0.4) Percent-encoding is a minefield, although in practice it mostly works. This appendix attempts to acknowledge the concerns and then define enough terminology and link to enough other specifications that interested readers will be able to research further details. --- versions/3.0.4.md | 100 ++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 97 insertions(+), 3 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 0f318c78bf..ad5f7ff9b1 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1057,6 +1057,8 @@ Describes a single operation parameter. A unique parameter is defined by a combination of a [name](#parameterName) and [location](#parameterIn). +See [Appendix E](#percentEncodingAndFormMediaTypes) for a detailed examination of percent-encoding concerns, including interactions with the `application/x-www-form-urlencoded` query string format. + ##### Parameter Locations There are four possible parameter locations specified by the `in` field: * path - Used together with [Path Templating](#pathTemplating), where the parameter value is actually part of the operation's URL. This does not include the host or base path of the API. For example, in `/items/{itemId}`, the path parameter is `itemId`. @@ -1128,7 +1130,7 @@ spaceDelimited | `array`, `object` | `query` | Space separated array values or o pipeDelimited | `array`, `object` | `query` | Pipe separated array values or object properties and values. This option replaces `collectionFormat` equal to `pipes` from OpenAPI 2.0. deepObject | `object` | `query` | Allows objects with scalar properties to be represented using form parameters. The representation of array or object properties is not defined. -The behavior of applying a style that uses a delimiter to data containing that delimiter is not defined, and is therefore NOT RECOMMENDED. To ensure interoperability, any such delimiter characters need to be escaped prior to serializing with the style, and unescaped after parsing. In the case of `spaceDelimited`, care must be taken to avoid confusing interactions with URL parameter encoding of spaces. +See [Appendix E](#percentEncodingAndFormMediaTypes) for a discussion of percent-encoding, including when delimiters need to be percent-encoded and options for handling collisions with percent-encoded data. ##### Style Examples @@ -1140,6 +1142,7 @@ Assume a parameter named `color` has one of the following values: object -> { "R": 100, "G": 200, "B": 150 } ``` The following table shows examples of rendering differences for each value. +The examples are percent-encoded as required by RFC6570 and RFC3986; see [Appendix E](#percentEncodingAndFormMediaTypes) for a thorough discussion of percent-encoding concerns, including why unencoded `|` (`%7C`), `[` (`%5B`), and `]` (`%5D`) seem to work in some environments despite not being compliant. [`style`](#dataTypeFormat) | `explode` | `empty` | `string` | `array` | `object` ----------- | ------ | -------- | -------- | -------- | ------- @@ -1152,8 +1155,8 @@ simple | true | n/a | blue | blue,black,brown | R=100,G=200,B=150 form | false | color= | color=blue | color=blue,black,brown | color=R,100,G,200,B,150 form | true | color= | color=blue | color=blue&color=black&color=brown | R=100&G=200&B=150 spaceDelimited | false | n/a | n/a | color=blue%20black%20brown | color=R%20100%20G%20200%20B%20150 -pipeDelimited | false | n/a | n/a | color=blue\|black\|brown | color=R\|100\|G\|200\|B\|150 -deepObject | true | n/a | n/a | n/a | color[R]=100&color[G]=200&color[B]=150 +pipeDelimited | false | n/a | n/a | color=blue%7Cblack%7Cbrown | color=R%7C100%7CG%7C200%7CB%7C150 +deepObject | true | n/a | n/a | n/a | color%5BR%5D=100&color%5BG%5D=200&color%5BB%5D=150 This object MAY be extended with [Specification Extensions](#specificationExtensions). @@ -1595,6 +1598,8 @@ Here is the `id` parameter (without `address`) serialized as `application/json` id=%22f81d4fae-7dec-11d0-a765-00a0c91e6bf6%22 ``` +See [Appendix E](#percentEncodingAndFormMediaTypes) for a detailed examination of percent-encoding concerns for form media types. + ##### Special Considerations for `multipart` Content It is common to use `multipart/form-data` as a `Content-Type` when transferring request bodies to operations. In contrast to 2.0, a `schema` is REQUIRED to define the input parameters to the operation when using `multipart` content. This supports complex structures as well as supporting mechanisms for multiple file uploads. @@ -1649,6 +1654,8 @@ See [Appendix B](#dataTypeConversion) for a discussion of converting values of v Properties are correlated with `multipart` parts using the `name` parameter to `Content-Disposition: form-data`, and with `application/x-www-form-urlencoded` using the query string paramter names. In both cases, their order is implementation-defined. +See [Appendix E](#percentEncodingAndFormMediaTypes) for a detailed examination of percent-encoding concerns for form media types. + ###### Common Fixed Fields These fields MAY be used either with or without the RFC6570-style serialization fields defined in the next section below. @@ -4104,3 +4111,90 @@ Because implementations that rely on an RFC6570 implementation and those that pe For multiple values, `style: form` is always incorrect as name=value pairs in cookies are delimited by `; ` (a semicolon followed by a space character) rather than `&`. ## Appendix E: Percent-Encoding and Form Media Types + +_**NOTE:** In this section, the `application/x-www-form-urlencoded` and `multipart/form-data` media types are abbreviated as `form-urlencoded` and `form-data`, respectively, for readability._ + +Percent-encoding is used in URIs and media types that derive their syntax from URIs. +This process is concerned with three sets of characters, the names of which vary among specifications but are defined as follows for the purposes of this section: + +* _unreserved_ characters do not need to be percent-encoded; while it is safe to percent-encode them, doing so produces a URI that is [not normalized](https://datatracker.ietf.org/doc/html/rfc3986#section-6.2.2.2) +* _reserved_ characters either have special behavior in the URI syntax (such as delimiting components) or are reserved for other specifications that need to define special behavior (e.g. `form-urlencoded` defines special behavior for `=`, `&`, and `+`) +* _unsafe_ characters are known to cause problems when parsing URIs in certain environments + +Unless otherwise specified, this section uses RFC3986's definition of [reserved](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2) and [unreserved](https://datatracker.ietf.org/doc/html/rfc3986#section-2.3), and defines the unsafe set as all characters not included in either of those sets. + +### Percent-Encoding and `form-urlencoded` + +Each URI component (such as the query string) considers some of the reserved characters to be unsafe, either because they serve as delimiters between the components (e.g. `#`), or (in the case of `[` and `]`) were historically considered globally unsafe but were later given reserved status for limited purposes. + +Reserved characters with no special meaning defined within a component can be left un-percent encoded. +However, other specifications can define special meanings, requiring percent-encoding for those characters outside of the additional special meanings. + +The `form-urlencoded` media type defines special meanings for `=` and `&` as delimiters, and `+` as the replacement for the space character (instead of its percent-encoded form of `%20`). +This means that while these three characters are reserved-but-allowed in query strings by RFC3986, the must be percent-encoded in `form-urlencoded` query strings except when used for their `form-urlencoded` purposes; see Appendix C for an example of handling `+` in form values. + +### Percent-Encoding and `form-data` + +[RFC7578 §2](https://datatracker.ietf.org/doc/html/rfc7578#section-2) suggests RFC3986-based percent-encoding as a mechanism to keep text-based per-part header data such as file names within the ASCII character set. +This suggestion was not part of older (pre-2015) specifications for `form-data`, so care must be taken to ensure interoperability. + +The `form-data` media type allows arbitrary text or binary data in its parts, so percent-encoding is not needed and is likely to cause interoperability problems unless the `Content-Type` of the part is defined to require it. + +### Generating and Validating URIs and `form-urlencoded` Strings + +URI percent encoding and the `form-urlencoded` media type have complex specification histories spanning multiple revisions and, in some cases, conflicting claims of ownership by different standards bodies. +Unfortunately, these specifications each define slightly different percent-encoding rules, which need to be taken into account if the URIs or `form-urlencoded` message bodies will be subject to strict validation. +(Note that many URI parsers do not perform validation by default.) + +This specification normatively cites the following relevant standards: + +Specification | Date | OAS Usage | Percent-Encoding | Notes +------------- | ---- | --------- | ----- | ----- +[RFC3986 URI Generic Syntax](https://datatracker.ietf.org/doc/html/rfc3986) | 01/2005 | URI/URL syntax | RFC3986 | obsoletes RFC1738, RFC2396 +[RFC6570 URI Template](https://datatracker.ietf.org/doc/html/rfc6570) | 03/2012 | style-based serialization | RFC3986 | does not use `+` for form‑urlencoded +[RFC1866 §8.2.1 form‑urlencoded](https://datatracker.ietf.org/doc/html/rfc1866#section-8.2.1) | 11/1995 | content-based serialization | RFC1738 | obsoleted by [HTML 4.01 §17.13.4.1](https://www.w3.org/TR/html401/interact/forms.html#h-17.13.4.1), [WHATWG URL §5](https://url.spec.whatwg.org/#urlencoded-serializing) + +Style-based serialization is used in the [Parameter Object](#parameterObject) when `schema` is present, and in the [Encoding Object](#encodingObject) when at least one of `style`, `explode`, or `allowReserved` is present. +See [Appendix C]() for more details of RFC6570's two different approaches to percent-encoding, including an example involving `+`. + +Content-based serialization is defined by the [Media Type Object](#mediaTypeObject), and used with the [Parameter Object](#parameterObject) when the `content` field is present, and with the [Encoding Object](#encodingObject) based on the `contentType` field when the style fields listed in the previous section are absent. +Each part is encoded based on the media type (e.g. `text/plain` or `application/json`), and must then be percent-encoded for use in a `form-urlencoded` string. + +Note that content-based serialization for `form-data` does not expect or require percent-encoding in the data, only in per-part header values. + +#### Interoperability with Historical Specifications + +In most cases, generating query strings in strict compliance with RFC3986 is sufficient to pass validation (including JSON Schema's `format: uri` and `format: uri-reference`), but some `form-urlencoded` implementations still expect the slightly more restrictive RFC1738 rules to be used. + +Since all RFC1738-compliant URIs are compliant with RFC3986, applications needing to ensure historical interoperability SHOULD use RFC1738's rules. + +#### Interoperability with Web Browser Environments + +WHATWG is a [web browser-oriented](https://whatwg.org/faq#what-is-the-whatwg-working-on) standards group that has defined a "URL Living Standard" for parsing and serializing URLs in a browser context, including parsing and serializing `form-urlencoded` data. +WHATWG's percent-encoding rules for query strings are different depending on whether the query string is [being treated as `form-urlencoded`](https://url.spec.whatwg.org/#application-x-www-form-urlencoded-percent-encode-set) (where it requires more percent-encoding than RFC1738) or [as part of the generic syntax](https://url.spec.whatwg.org/#query-percent-encode-set), where it allows characters that RFC3986 forbids. + +Implementations needing maximum compatibility with web browsers SHOULD use WHATWG's `form-urlencoded` percent-encoding rules. +However, they SHOULD NOT rely on WHATWG's less stringent generic query string rules, as the resulting URLs would fail RFC3986 validation, including JSON Schema's `format: uri` and `format: uri-reference`. + +### Decoding URIs and `form-urlencoded` Strings + +The percent-decoding algorithm does not care which characters were or were not percent-decoded, which means that URIs percent-encoded according to any specification will be decoded correctly. + +Similarly, all `form-urlencoded` decoding algorithms simply add `+`-for-space handling on top of the percent-decoding algorithm, and will work regardless of the encoding specification used. + +However, care must be taken to use `form-urlencoded` decoding if `+` represents a space, and to use regular percent-decoding if `+` represents itself as a literal value. + +### Percent-Encoding and Illegal or Reserved Delimiters + +The `[` and `]`, `|`, and space characters, which are used as delimiters for the `deepObject`, `pipeDelimited`, and `spaceDelimited` styles, respectively, all MUST be percent-encoded to comply with RFC3986. +This requires users to pre-encode the character(s) in some other way in parameter names and values to distinguish them from the delimiter usage when using one of these styles. + +The space character is always illegal and encoded in some way by all implementations of all versions of the relevant standards. +While one could use the `form-urlencoded` convention of `+` to distinguish spaces in parameter names and values from `spaceDelimited` delimiters encoded as `%20`, the specifications define the decoding as a single pass, making it impossible to distinguish the different usages in the decoded result. + +Some environments use `[`, `]`, and possibly `|` unencoded in query strings without apparent difficulties, and WHATWG's generic query string rules do not require percent-encoding them. +Code that relies on leaving these delimiters unencoded, while using regular percent-encoding for them within names and values, is not guaranteed to be interoperable across all implementations. + +For maximum interoperability, it is RECOMMENDED to either define and document an additional escape convention while percent-encoding the delimiters for these styles, or to avoid these styles entirely. +The exact method of additional encoding/escaping is left to the API designer, and is expected to be performed before serialization and encoding described in this specification, and reversed after this specification's encoding and serialization steps are reversed. +This keeps it outside of the processes governed by this specification. From 972fcadc5cb837260f04b4a362594f70e4562c6c Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Sun, 26 May 2024 16:55:02 -0700 Subject: [PATCH 110/251] improve wording of style example table "serialization" matches other discussions, "rendering" does not. --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index ad5f7ff9b1..5816ec07fd 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1141,7 +1141,7 @@ Assume a parameter named `color` has one of the following values: array -> ["blue","black","brown"] object -> { "R": 100, "G": 200, "B": 150 } ``` -The following table shows examples of rendering differences for each value. +The following table shows examples of the different serializations for each value. The examples are percent-encoded as required by RFC6570 and RFC3986; see [Appendix E](#percentEncodingAndFormMediaTypes) for a thorough discussion of percent-encoding concerns, including why unencoded `|` (`%7C`), `[` (`%5B`), and `]` (`%5D`) seem to work in some environments despite not being compliant. [`style`](#dataTypeFormat) | `explode` | `empty` | `string` | `array` | `object` From 7d71c3b93080a98dec455bcafe083093ae87a457 Mon Sep 17 00:00:00 2001 From: Henry Andrews Date: Tue, 28 May 2024 07:04:30 -0700 Subject: [PATCH 111/251] review feedback - wording Co-authored-by: Ralf Handl --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 5816ec07fd..aab0852da8 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -4180,7 +4180,7 @@ However, they SHOULD NOT rely on WHATWG's less stringent generic query string ru The percent-decoding algorithm does not care which characters were or were not percent-decoded, which means that URIs percent-encoded according to any specification will be decoded correctly. -Similarly, all `form-urlencoded` decoding algorithms simply add `+`-for-space handling on top of the percent-decoding algorithm, and will work regardless of the encoding specification used. +Similarly, all `form-urlencoded` decoding algorithms simply add `+`-for-space handling to the percent-decoding algorithm, and will work regardless of the encoding specification used. However, care must be taken to use `form-urlencoded` decoding if `+` represents a space, and to use regular percent-decoding if `+` represents itself as a literal value. From a3457210e73da940a02ee823d6e2a69e55986e55 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Mon, 3 Jun 2024 08:42:57 -0700 Subject: [PATCH 112/251] Stub out Appendix C for linking This is to make sure PR checks pass even though the PR adding Appendix C has not yet been merged. --- versions/3.0.4.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index aab0852da8..8fd7b72385 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -4131,7 +4131,7 @@ Reserved characters with no special meaning defined within a component can be le However, other specifications can define special meanings, requiring percent-encoding for those characters outside of the additional special meanings. The `form-urlencoded` media type defines special meanings for `=` and `&` as delimiters, and `+` as the replacement for the space character (instead of its percent-encoded form of `%20`). -This means that while these three characters are reserved-but-allowed in query strings by RFC3986, the must be percent-encoded in `form-urlencoded` query strings except when used for their `form-urlencoded` purposes; see Appendix C for an example of handling `+` in form values. +This means that while these three characters are reserved-but-allowed in query strings by RFC3986, the must be percent-encoded in `form-urlencoded` query strings except when used for their `form-urlencoded` purposes; see [Appendix C](#usingRFC6570Implementations) for an example of handling `+` in form values. ### Percent-Encoding and `form-data` @@ -4155,7 +4155,7 @@ Specification | Date | OAS Usage | Percent-Encoding | Notes [RFC1866 §8.2.1 form‑urlencoded](https://datatracker.ietf.org/doc/html/rfc1866#section-8.2.1) | 11/1995 | content-based serialization | RFC1738 | obsoleted by [HTML 4.01 §17.13.4.1](https://www.w3.org/TR/html401/interact/forms.html#h-17.13.4.1), [WHATWG URL §5](https://url.spec.whatwg.org/#urlencoded-serializing) Style-based serialization is used in the [Parameter Object](#parameterObject) when `schema` is present, and in the [Encoding Object](#encodingObject) when at least one of `style`, `explode`, or `allowReserved` is present. -See [Appendix C]() for more details of RFC6570's two different approaches to percent-encoding, including an example involving `+`. +See [Appendix C](#usingRFC6570Implementations) for more details of RFC6570's two different approaches to percent-encoding, including an example involving `+`. Content-based serialization is defined by the [Media Type Object](#mediaTypeObject), and used with the [Parameter Object](#parameterObject) when the `content` field is present, and with the [Encoding Object](#encodingObject) based on the `contentType` field when the style fields listed in the previous section are absent. Each part is encoded based on the media type (e.g. `text/plain` or `application/json`), and must then be percent-encoded for use in a `form-urlencoded` string. From f19be0567a9cdf730729501fbd05dd8e537a5555 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Mon, 3 Jun 2024 15:49:19 -0700 Subject: [PATCH 113/251] Fix typo (review feedback) Thanks @notEthan! --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 8fd7b72385..cd67f80159 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -4131,7 +4131,7 @@ Reserved characters with no special meaning defined within a component can be le However, other specifications can define special meanings, requiring percent-encoding for those characters outside of the additional special meanings. The `form-urlencoded` media type defines special meanings for `=` and `&` as delimiters, and `+` as the replacement for the space character (instead of its percent-encoded form of `%20`). -This means that while these three characters are reserved-but-allowed in query strings by RFC3986, the must be percent-encoded in `form-urlencoded` query strings except when used for their `form-urlencoded` purposes; see [Appendix C](#usingRFC6570Implementations) for an example of handling `+` in form values. +This means that while these three characters are reserved-but-allowed in query strings by RFC3986, they must be percent-encoded in `form-urlencoded` query strings except when used for their `form-urlencoded` purposes; see [Appendix C](#usingRFC6570Implementations) for an example of handling `+` in form values. ### Percent-Encoding and `form-data` From 48478764fd80043fadefe4a3fca5bd8c95bac2e5 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Sat, 8 Jun 2024 15:43:46 -0700 Subject: [PATCH 114/251] Further clarify style+explode examples This aligns all examples with RFC6570 operator prefixing behavior, which was previously only shown for `matrix` and `label`. The non-RFC6570 styles (`spaceDelimited`, `pipeDelimited`, and `deepObject`) are treated as analogues of `form` and therefore prefixed with a `?`. The lack of suitablity of this for cookie parameters has been addressed with an appendix in another change, and the appendix has been stubbed out here to ensure that the link is valid. --- versions/3.0.4.md | 41 +++++++++++++++++++++++++---------------- 1 file changed, 25 insertions(+), 16 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index cd67f80159..9eb7034a43 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1072,6 +1072,8 @@ The rules for serialization of the parameter are specified in one of two ways. Parameter Objects MUST include either a `content` field or a `schema` field, but not both. See [Appendix B](#dataTypeConversion) for a discussion of converting values of various types to string representations. +This object MAY be extended with [Specification Extensions](#specificationExtensions). + ###### Common Fixed Fields These fields MAY be used with either `content` or `schema`. @@ -1083,7 +1085,7 @@ Field Name | Type | Description description | `string` | A brief description of the parameter. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. required | `boolean` | Determines whether this parameter is mandatory. If the [parameter location](#parameterIn) is `"path"`, this property is **REQUIRED** and its value MUST be `true`. Otherwise, the property MAY be included and its default value is `false`. deprecated | `boolean` | Specifies that a parameter is deprecated and SHOULD be transitioned out of usage. Default value is `false`. - allowEmptyValue | `boolean` | If `true`, clients MAY pass a zero-length string value in place of parameters that would otherwise be omitted entirely, which the server SHOULD interpret as the parameter being unused. Default value is `false`. If [`style`](#parameterStyle) is used, and if behavior is `n/a` (cannot be serialized), the value of `allowEmptyValue` SHALL be ignored. Interactions between this field and the parameter's [Schema Object](#schemaObject) are implementation-defined. This field is valid only for `query` parameters. Use of this property is NOT RECOMMENDED, and it is likely to be removed in a later revision. + allowEmptyValue | `boolean` | If `true`, clients MAY pass a zero-length string value in place of parameters that would otherwise be omitted entirely, which the server SHOULD interpret as the parameter being unused. Default value is `false`. If [`style`](#parameterStyle) is used, and if [behavior is _n/a_ (cannot be serialized)](#style-examples), the value of `allowEmptyValue` SHALL be ignored. Interactions between this field and the parameter's [Schema Object](#schemaObject) are implementation-defined. This field is valid only for `query` parameters. Use of this property is NOT RECOMMENDED, and it is likely to be removed in a later revision. Note that while `"Cookie"` as a `name` is not forbidden with `in: header`, the effect of defining a cookie parameter that way is undefined; use `in: cookie` instead. @@ -1098,7 +1100,7 @@ Serializing with `schema` is NOT RECOMMENDED for `in: cookie` parameters, `in: h Field Name | Type | Description ---|:---:|--- style | `string` | Describes how the parameter value will be serialized depending on the type of the parameter value. Default values (based on value of `in`): for `query` - `form`; for `path` - `simple`; for `header` - `simple`; for `cookie` - `form`. -explode | `boolean` | When this is true, parameter values of type `array` or `object` generate separate parameters for each value of the array or key-value pair of the map. For other types of parameters this property has no effect. When [`style`](#parameterStyle) is `form`, the default value is `true`. For all other styles, the default value is `false`. +explode | `boolean` | When this is true, parameter values of type `array` or `object` generate separate parameters for each value of the array or key-value pair of the map. For other types of parameters this property has no effect. When [`style`](#parameterStyle) is `form`, the default value is `true`. For all other styles, the default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#autoid-20), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#autoid-13), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#autoid-24) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#usingRFC6570Implementations) and [E](#percentEncodingAndFormMediaTypes) for details. This property only applies to parameters with an `in` value of `query`. The default value is `false`. schema | [Schema Object](#schemaObject) \| [Reference Object](#referenceObject) | The schema defining the type used for the parameter. example | Any | Example of the parameter's potential value; see [Working With Examples](#working-with-examples). @@ -1141,8 +1143,14 @@ Assume a parameter named `color` has one of the following values: array -> ["blue","black","brown"] object -> { "R": 100, "G": 200, "B": 150 } ``` -The following table shows examples of the different serializations for each value. -The examples are percent-encoded as required by RFC6570 and RFC3986; see [Appendix E](#percentEncodingAndFormMediaTypes) for a thorough discussion of percent-encoding concerns, including why unencoded `|` (`%7C`), `[` (`%5B`), and `]` (`%5D`) seem to work in some environments despite not being compliant. + +The following table shows examples, as would be shown with the `example` or `examples` keywords, of the different serializations for each value. + +* The value _e/s_ denotes the empty string +* The behavior of combinations marked _n/a_ is undefined +* The `empty` column refers to values that [RFC6570 §2.3](https://www.rfc-editor.org/rfc/rfc6570.html#section-2.3) describes as "undefined", and is unrelated to the `allowEmptyValues` field +* For `form` and the non-RFC6570 query string styles `spaceDelimited`, `pipeDelimited`, and `deepObject`, each example is shown prefixed with `?` as if it were the only query parameter; see [Appendix C](#usingRFC6570Implementations) for more information on constructing query strings from multiple parameters, and [Appendix D](#serializingHeadersAndCookies) for warnings regarding `form` and cookie parameters +* The examples are percent-encoded as required by RFC6570 and RFC3986; see [Appendix E](#percentEncodingAndFormMediaTypes) for a thorough discussion of percent-encoding concerns, including why unencoded `|` (`%7C`), `[` (`%5B`), and `]` (`%5D`) seem to work in some environments despite not being compliant. [`style`](#dataTypeFormat) | `explode` | `empty` | `string` | `array` | `object` ----------- | ------ | -------- | -------- | -------- | ------- @@ -1150,15 +1158,16 @@ matrix | false | ;color | ;color=blue | ;color=blue,black,brown | ;color=R,100,G matrix | true | ;color | ;color=blue | ;color=blue;color=black;color=brown | ;R=100;G=200;B=150 label | false | . | .blue | .blue,black,brown | .R,100,G,200,B,150 label | true | . | .blue | .blue.black.brown | .R=100.G=200.B=150 -simple | false | n/a | blue | blue,black,brown | R,100,G,200,B,150 -simple | true | n/a | blue | blue,black,brown | R=100,G=200,B=150 -form | false | color= | color=blue | color=blue,black,brown | color=R,100,G,200,B,150 -form | true | color= | color=blue | color=blue&color=black&color=brown | R=100&G=200&B=150 -spaceDelimited | false | n/a | n/a | color=blue%20black%20brown | color=R%20100%20G%20200%20B%20150 -pipeDelimited | false | n/a | n/a | color=blue%7Cblack%7Cbrown | color=R%7C100%7CG%7C200%7CB%7C150 -deepObject | true | n/a | n/a | n/a | color%5BR%5D=100&color%5BG%5D=200&color%5BB%5D=150 - -This object MAY be extended with [Specification Extensions](#specificationExtensions). +simple | false | _e/s_ | blue | blue,black,brown | R,100,G,200,B,150 +simple | true | _e/s_ | blue | blue,black,brown | R=100,G=200,B=150 +form | false | ?color= | ?color=blue | ?color=blue,black,brown | ?color=R,100,G,200,B,150 +form | true | ?color= | ?color=blue | ?color=blue&color=black&color=brown | ?R=100&G=200&B=150 +spaceDelimited | false | _n/a_ | _n/a_ | ?color=blue%20black%20brown | ?color=R%20100%20G%20200%20B%20150 +spaceDelimited | true | _n/a_ | _n/a_ | _n/a_ | _n/a_ +pipeDelimited | false | _n/a_ | _n/a_ | ?color=blue%7Cblack%7Cbrown | ?color=R%7C100%7CG%7C200%7CB%7C150 +pipeDelimited | true | _n/a_ | _n/a_ | _n/a_ | _n/a_ +deepObject | false | _n/a_ | _n/a_ | _n/a_ | _n/a_ +deepObject | true | _n/a_ | _n/a_ | _n/a_ | ?color%5BR%5D=100&color%5BG%5D=200&color%5BB%5D=150 ##### Parameter Object Examples @@ -1685,9 +1694,9 @@ See [Appendix B](#dataTypeConversion) for a discussion of data type conversion o Field Name | Type | Description ---|:---:|--- -style | `string` | Describes how a specific property value will be serialized depending on its type. See [Parameter Object](#parameterObject) for details on the [`style`](#parameterStyle) property. The behavior follows the same values as `query` parameters, including default values. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. -explode | `boolean` | When this is true, property values of type `array` or `object` generate separate parameters for each value of the array, or key-value-pair of the map. For other types of properties this property has no effect. When [`style`](#encodingStyle) is `form`, the default value is `true`. For all other styles, the default value is `false`. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. -allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#autoid-20), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#autoid-13), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#autoid-24) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#usingRFC6570Implementations) and [E](#percentEncodingAndFormMediaTypes) for details. This property only applies to parameters with an `in` value of `query`. The default value is `false`. +style | `string` | Describes how a specific property value will be serialized depending on its type. See [Parameter Object](#parameterObject) for details on the [`style`](#parameterStyle) property. The behavior follows the same values as `query` parameters, including default values. Note that the initial `?` using in query strings is not used in `applcation/x-www-form-urlencoded` message bodies, and MUST be removed (if using an RFC6570 implementation) or simply not added (if constructing the string manually). This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. +explode | `boolean` | When this is true, property values of type `array` or `object` generate separate parameters for each value of the array, or key-value-pair of the map. For other types of properties this property has no effect. When [`style`](#encodingStyle) is `form`, the default value is `true`. For all other styles, the default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. +allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#autoid-20), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#autoid-13), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#autoid-24) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#usingRFC6570Implementations) and [E](#percentEncodingAndFormMediaTypes) for details. This property only applies to parameters with an `in` value of `query`. The default value is `false`. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. See also [Appendix C: Using RFC6570 Implementations](#usingRFC6570Implementations) for additional guidance. From a9fe16f9fb17e60273ae468199b594b639aec40e Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Mon, 10 Jun 2024 14:18:32 -0700 Subject: [PATCH 115/251] Better handling of empty/undefined in table This was confusing, and my initial use of _e/s_ was too novel. Switch the column heading to "undefined" to align with RFC6570 and make clear that it is not about `allowEmptyValue` --- versions/3.0.4.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 9eb7034a43..9f46ba19ec 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1146,10 +1146,11 @@ Assume a parameter named `color` has one of the following values: The following table shows examples, as would be shown with the `example` or `examples` keywords, of the different serializations for each value. -* The value _e/s_ denotes the empty string +* The value _empty_ denotes the empty string, and is unrelated to the `allowEmptyValue` field * The behavior of combinations marked _n/a_ is undefined -* The `empty` column refers to values that [RFC6570 §2.3](https://www.rfc-editor.org/rfc/rfc6570.html#section-2.3) describes as "undefined", and is unrelated to the `allowEmptyValues` field +* The `undefined` replaces the `empty` column in previous versions of this specification in order to better align with [RFC6570 §2.3](https://www.rfc-editor.org/rfc/rfc6570.html#section-2.3) terminology, which describes certain values including but not limited to `null` as "undefined" values with special handling; notably, the empty string is _not_ undefined * For `form` and the non-RFC6570 query string styles `spaceDelimited`, `pipeDelimited`, and `deepObject`, each example is shown prefixed with `?` as if it were the only query parameter; see [Appendix C](#usingRFC6570Implementations) for more information on constructing query strings from multiple parameters, and [Appendix D](#serializingHeadersAndCookies) for warnings regarding `form` and cookie parameters +* Note that the `?` prefix is not appropriate for serializing `application/x-www-form-urlencoded` HTTP message bodies, and MUST be stripped or (if constructing the string manually) not added when used in that context; see the [Encoding Object](#encodingObject) for more information * The examples are percent-encoded as required by RFC6570 and RFC3986; see [Appendix E](#percentEncodingAndFormMediaTypes) for a thorough discussion of percent-encoding concerns, including why unencoded `|` (`%7C`), `[` (`%5B`), and `]` (`%5D`) seem to work in some environments despite not being compliant. [`style`](#dataTypeFormat) | `explode` | `empty` | `string` | `array` | `object` @@ -1158,8 +1159,8 @@ matrix | false | ;color | ;color=blue | ;color=blue,black,brown | ;color=R,100,G matrix | true | ;color | ;color=blue | ;color=blue;color=black;color=brown | ;R=100;G=200;B=150 label | false | . | .blue | .blue,black,brown | .R,100,G,200,B,150 label | true | . | .blue | .blue.black.brown | .R=100.G=200.B=150 -simple | false | _e/s_ | blue | blue,black,brown | R,100,G,200,B,150 -simple | true | _e/s_ | blue | blue,black,brown | R=100,G=200,B=150 +simple | false | _empty_ | blue | blue,black,brown | R,100,G,200,B,150 +simple | true | _empty_ | blue | blue,black,brown | R=100,G=200,B=150 form | false | ?color= | ?color=blue | ?color=blue,black,brown | ?color=R,100,G,200,B,150 form | true | ?color= | ?color=blue | ?color=blue&color=black&color=brown | ?R=100&G=200&B=150 spaceDelimited | false | _n/a_ | _n/a_ | ?color=blue%20black%20brown | ?color=R%20100%20G%20200%20B%20150 From ce87bf28b2f7d7c40dc0b7aff3c74cf1aaf23397 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Mon, 10 Jun 2024 15:40:42 -0700 Subject: [PATCH 116/251] Update Header for changes to copied fields --- versions/3.0.4.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 9f46ba19ec..8892cb67f5 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -2464,13 +2464,16 @@ When `example` or `examples` are provided in conjunction with the `schema` objec Serializing with `schema` is NOT RECOMMENDED for headers with parameters (name=value pairs following a `;`) in their values, or where values might have non-URL-safe characters; see [Appendix D](#serializingHeadersAndCookies) for details. +When `example` or `examples` are provided in conjunction with the `schema` object, the example SHOULD match the specified schema and follow the prescribed serialization strategy for the parameter. +The `example` and `examples` fields are mutually exclusive, and if either is present it SHALL _override_ any `example` in the schema. + Field Name | Type | Description ---|:---:|--- style | `string` | Describes how the header value will be serialized. The default (and only legal value for headers) is `simple`. -explode | `boolean` | When this is true, header values of type `array` or `object` generate a single header whose value is a comma-separated list of the array items or key-value pairs of the map, see [Style Examples](#style-examples). For other data types this property has no effect. The default value is `false`. +explode | `boolean` | When this is true, header values of type `array` or `object` generate a single header whose value is a comma-separated list of the array items or key-value pairs of the map, see [Style Examples](#style-examples). For other data types this property has no effect. The default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. schema | [Schema Object](#schemaObject) \| [Reference Object](#referenceObject) | The schema defining the type used for the header. -example | Any | Example of the header's potential value. The example SHOULD match the specified schema and encoding properties if present. The `example` field is mutually exclusive of the `examples` field. Furthermore, if referencing a `schema` that contains an example, the `example` value SHALL _override_ the example provided by the schema. To represent examples of media types that cannot naturally be represented in JSON or YAML, a string value can contain the example with escaping where necessary. -examples | Map[ `string`, [Example Object](#exampleObject) \| [Reference Object](#referenceObject)] | Examples of the header's potential value. Each example SHOULD contain a value in the correct format as specified in the header encoding. The `examples` field is mutually exclusive of the `example` field. Furthermore, if referencing a `schema` that contains an example, the `examples` value SHALL _override_ the example provided by the schema. +example | Any | Example of the header's potential value; see [Working With Examples](#working-with-examples). +examples | Map[ `string`, [Example Object](#exampleObject) \| [Reference Object](#referenceObject)] | Examples of the header's potential value; see [Working With Examples](#working-with-examples). See also [Appendix C: Using RFC6570 Implementations](#usingRFC6570Implementations) for additional guidance. From 17e3eedb403fef8e7c6f67986722035a96fd820f Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Wed, 12 Jun 2024 16:24:59 -0700 Subject: [PATCH 117/251] No need to mention deepObject for Header That style is not usable for the Header Object anyway. --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 8892cb67f5..8dda05e8ba 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -2470,7 +2470,7 @@ The `example` and `examples` fields are mutually exclusive, and if either is pre Field Name | Type | Description ---|:---:|--- style | `string` | Describes how the header value will be serialized. The default (and only legal value for headers) is `simple`. -explode | `boolean` | When this is true, header values of type `array` or `object` generate a single header whose value is a comma-separated list of the array items or key-value pairs of the map, see [Style Examples](#style-examples). For other data types this property has no effect. The default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. +explode | `boolean` | When this is true, header values of type `array` or `object` generate a single header whose value is a comma-separated list of the array items or key-value pairs of the map, see [Style Examples](#style-examples). For other data types this property has no effect. The default value is `false`. schema | [Schema Object](#schemaObject) \| [Reference Object](#referenceObject) | The schema defining the type used for the header. example | Any | Example of the header's potential value; see [Working With Examples](#working-with-examples). examples | Map[ `string`, [Example Object](#exampleObject) \| [Reference Object](#referenceObject)] | Examples of the header's potential value; see [Working With Examples](#working-with-examples). From bdbabd45f83125513fd4b3e5105886ee0e3b38b5 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Thu, 2 May 2024 11:34:58 -0700 Subject: [PATCH 118/251] Clarify resolving implicit connections (3.0.4) This clarifies how to handle resolving implicit (non-URI-based) connections in multi-document OpenAPI Descriptions. While the behavior is implementation-defined overall, this RECOMMENDS a single approach based on how things behaved going back to the 2.0 referencing model. This allows Security Schemes and Tags to (like the top-level Server Objects) define a deployment-specific interface for referenced documents to access. This entry document interface approach makes less sense for the Discriminator Object, but it can use the URI syntax of `mapping` to keep things within the local document. This also aligns the search for matching `operationId`s with 3.1's full-document parsing requirements. Note that the term "complete OpenAPI document" has been defined in another change pending approval on the 3.0.4 branch. --- versions/3.0.4.md | 34 +++++++++++++++++++++++++++++++++- 1 file changed, 33 insertions(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 8dda05e8ba..5a8e44aba3 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -166,7 +166,7 @@ It is RECOMMENDED that the entry OpenAPI document be named: `openapi.json` or `o When parsing an OAD, JSON or YAML objects are parsed into specific Objects (such as [Operation Objects](#operationObject), [Response Objects](#responseObject), [Reference Objects](#referenceObject), etc.) based on the parsing context. Depending on how references are arranged, a given JSON or YAML object can be parsed in multiple different contexts: -* As a full OpenAPI Description document (an [OpenAPI Object](#oasObject) taking up an entire document) +* As a complete OpenAPI Description document * As the Object type implied by its parent Object within the document * As a reference target, with the Object type matching the reference source's context @@ -174,6 +174,38 @@ If the same JSON/YAML object is parsed multiple times and the respective context #### Resolving Implicit Connections +Several features of this specification require resolving a non-URI-based connection to some other part of the OpenAPI Description (OAD). + +These connections are easily resolved in single-document OADs, but the resolution process in multi-document OADs has never been spelled out, and is therefore _implementation-defined_, within the constraints described in this section. +In some cases, an unambiguous URI-based alternative is available, and OAD authors are RECOMMENDED to always use the alternative: + +Source | Target | Alternative +------ | ------ | ----------- +[Security Requirement Object](#securityRequirementObject) `{name}` | [Security Scheme Object](#securitySchemeObject) name under the [Components Object](#componentsObject) | _n/a_ +[Discriminator Object](#discriminatorObject) `mapping` _(implicit, or explicit name syntax)_ | [Schema Object](#schemaObject) name under the Components Object | `mapping` _(explicit URI syntax)_ +[Operation Object](#operationObject) `tags` | [Tag Object](#tagObject) `name` (in the Components Object) | _n/a_ +[Link Object](#linkObject) `operationId` | [Path Item Object](#pathItemObject) `operationId` | `operationRef` + +A fifth implicit connection, which involves appending the templated URL paths of the [Paths Object](#pathsObject) to the appropriate [Server Object](#serverObject)'s `url` field, is unambiguous because only the entry document's Paths Object contributes URLs to the described API. + +It is RECOMMENDED to consider all Operation Objects from all parsed documents when resolving any Link Object `operationId`. +This requires ensuring that all referenced documents have been parsed prior to determining an `operationId` to be unresolvable. + +The implicit connections in the Security Requirement Object and Discriminator Object rely on the _component name_, which is the property name holding the component in the appropriate typed sub-object of the Components Object. +For example, the component name of the Schema Object at `#/components/schemas/Foo` is `Foo`. +The implicit connection of tags in the Operation Object use the `name` field of Tag Objects, which (like the Components Object) are found under the root OpenAPI Object. +This means that resolving component names and tag names both depend on starting from the correct OpenAPI Object. + +For resolving component and tag name connections from a referenced (non-entry) document, it is RECOMMENDED that tools resolve from the entry document, rather than the current document. +This allows Security Scheme Objects and Tag Objects to be defined with the API's deployment information (the top-level Server Objects), and treated as an interface for referenced documents to access. + +The interface approach can also work for Discriminator Objects and Schema Objects, but it is also possible to keep the Discriminator Object's behavior within a single document using the relative URI-reference syntax of `mapping`. + +There are not currently URI-based alternatives for the Security Requirement Object or for the Operation Object's `tags` field. +These limitations are expected to be addressed in a future release. + +Note that no aspect of implicit connection resolution changes how [URIs are resolved](#relativeReferencesURI), or restricts their possible targets. + ### Data Types Primitive data types in the OAS are based on the types supported by the [JSON Schema Specification Wright Draft 00](https://tools.ietf.org/html/draft-wright-json-schema-00#section-4.2). From 44f08ec4dc50990e0e1dd99c22f9ba4cad0df5be Mon Sep 17 00:00:00 2001 From: Henry Andrews Date: Tue, 28 May 2024 06:58:39 -0700 Subject: [PATCH 119/251] wording review feedback Co-authored-by: Ralf Handl --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 5a8e44aba3..ba9a24d3c2 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -201,7 +201,7 @@ This allows Security Scheme Objects and Tag Objects to be defined with the API's The interface approach can also work for Discriminator Objects and Schema Objects, but it is also possible to keep the Discriminator Object's behavior within a single document using the relative URI-reference syntax of `mapping`. -There are not currently URI-based alternatives for the Security Requirement Object or for the Operation Object's `tags` field. +There currently are no URI-based alternatives for the Security Requirement Object or for the Operation Object's `tags` field. These limitations are expected to be addressed in a future release. Note that no aspect of implicit connection resolution changes how [URIs are resolved](#relativeReferencesURI), or restricts their possible targets. From c302993e0597fcf9c601ec1e06eca7e1d9a42d97 Mon Sep 17 00:00:00 2001 From: Henry Andrews Date: Sat, 8 Jun 2024 13:22:08 -0700 Subject: [PATCH 120/251] Apply suggestions from code review Co-authored-by: Jeremy Fiel <32110157+jeremyfiel@users.noreply.github.com> --- versions/3.0.4.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index ba9a24d3c2..a4c4a7317b 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -174,7 +174,8 @@ If the same JSON/YAML object is parsed multiple times and the respective context #### Resolving Implicit Connections -Several features of this specification require resolving a non-URI-based connection to some other part of the OpenAPI Description (OAD). +Several features of this specification require resolution of non-URI-based connections to some other part of the OpenAPI Description (OAD). +`` These connections are easily resolved in single-document OADs, but the resolution process in multi-document OADs has never been spelled out, and is therefore _implementation-defined_, within the constraints described in this section. In some cases, an unambiguous URI-based alternative is available, and OAD authors are RECOMMENDED to always use the alternative: @@ -191,10 +192,10 @@ A fifth implicit connection, which involves appending the templated URL paths of It is RECOMMENDED to consider all Operation Objects from all parsed documents when resolving any Link Object `operationId`. This requires ensuring that all referenced documents have been parsed prior to determining an `operationId` to be unresolvable. -The implicit connections in the Security Requirement Object and Discriminator Object rely on the _component name_, which is the property name holding the component in the appropriate typed sub-object of the Components Object. +The implicit connections in the Security Requirement Object and Discriminator Object rely on the _component name_, which is the property name holding the component in the appropriately typed sub-object of the Components Object. For example, the component name of the Schema Object at `#/components/schemas/Foo` is `Foo`. -The implicit connection of tags in the Operation Object use the `name` field of Tag Objects, which (like the Components Object) are found under the root OpenAPI Object. -This means that resolving component names and tag names both depend on starting from the correct OpenAPI Object. +The implicit connection of `tags` in the Operation Object use the `name` field of Tag Objects, which (like the Components Object) are found under the root OpenAPI Object. +This means resolving component names and tag names both depend on starting from the correct OpenAPI Object. For resolving component and tag name connections from a referenced (non-entry) document, it is RECOMMENDED that tools resolve from the entry document, rather than the current document. This allows Security Scheme Objects and Tag Objects to be defined with the API's deployment information (the top-level Server Objects), and treated as an interface for referenced documents to access. From 8de6836374c60090d12a5add8371b3660cc8043a Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Sat, 8 Jun 2024 13:27:01 -0700 Subject: [PATCH 121/251] More review feedback. --- versions/3.0.4.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index a4c4a7317b..0bf24f0854 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -177,7 +177,7 @@ If the same JSON/YAML object is parsed multiple times and the respective context Several features of this specification require resolution of non-URI-based connections to some other part of the OpenAPI Description (OAD). `` -These connections are easily resolved in single-document OADs, but the resolution process in multi-document OADs has never been spelled out, and is therefore _implementation-defined_, within the constraints described in this section. +These connections are unambiguously resolved in single-document OADs, but the resolution process in multi-document OADs is _implementation-defined_, within the constraints described in this section. In some cases, an unambiguous URI-based alternative is available, and OAD authors are RECOMMENDED to always use the alternative: Source | Target | Alternative @@ -187,14 +187,15 @@ Source | Target | Alternative [Operation Object](#operationObject) `tags` | [Tag Object](#tagObject) `name` (in the Components Object) | _n/a_ [Link Object](#linkObject) `operationId` | [Path Item Object](#pathItemObject) `operationId` | `operationRef` -A fifth implicit connection, which involves appending the templated URL paths of the [Paths Object](#pathsObject) to the appropriate [Server Object](#serverObject)'s `url` field, is unambiguous because only the entry document's Paths Object contributes URLs to the described API. +A fifth implicit connection involves appending the templated URL paths of the [Paths Object](#pathsObject) to the appropriate [Server Object](#serverObject)'s `url` field. +This is unambiguous because only the entry document's Paths Object contributes URLs to the described API. It is RECOMMENDED to consider all Operation Objects from all parsed documents when resolving any Link Object `operationId`. -This requires ensuring that all referenced documents have been parsed prior to determining an `operationId` to be unresolvable. +This requires parsing all referenced documents prior to determining an `operationId` to be unresolvable. The implicit connections in the Security Requirement Object and Discriminator Object rely on the _component name_, which is the property name holding the component in the appropriately typed sub-object of the Components Object. For example, the component name of the Schema Object at `#/components/schemas/Foo` is `Foo`. -The implicit connection of `tags` in the Operation Object use the `name` field of Tag Objects, which (like the Components Object) are found under the root OpenAPI Object. +The implicit connection of `tags` in the Operation Object uses the `name` field of Tag Objects, which (like the Components Object) are found under the root OpenAPI Object. This means resolving component names and tag names both depend on starting from the correct OpenAPI Object. For resolving component and tag name connections from a referenced (non-entry) document, it is RECOMMENDED that tools resolve from the entry document, rather than the current document. @@ -202,7 +203,7 @@ This allows Security Scheme Objects and Tag Objects to be defined with the API's The interface approach can also work for Discriminator Objects and Schema Objects, but it is also possible to keep the Discriminator Object's behavior within a single document using the relative URI-reference syntax of `mapping`. -There currently are no URI-based alternatives for the Security Requirement Object or for the Operation Object's `tags` field. +There are no URI-based alternatives for the Security Requirement Object or for the Operation Object's `tags` field. These limitations are expected to be addressed in a future release. Note that no aspect of implicit connection resolution changes how [URIs are resolved](#relativeReferencesURI), or restricts their possible targets. From e11a7cc4dc9991d02994059a922040a66ece71dd Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Mon, 10 Jun 2024 17:01:29 -0700 Subject: [PATCH 122/251] Add example resolution of Security Requirement --- versions/3.0.4.md | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 0bf24f0854..876ff94100 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -206,6 +206,9 @@ The interface approach can also work for Discriminator Objects and Schema Object There are no URI-based alternatives for the Security Requirement Object or for the Operation Object's `tags` field. These limitations are expected to be addressed in a future release. +See [Security Requirement in a Referenced Document](#security-requirement-in-a-referenced-document) for an example of the possible resolutions, including which one is recommended by this section. +The behavior for Discrimator Object non-URI mappings and for the Operation Object's `tags` field operate on the same principles. + Note that no aspect of implicit connection resolution changes how [URIs are resolved](#relativeReferencesURI), or restricts their possible targets. ### Data Types @@ -3796,6 +3799,41 @@ security: - read:pets ``` +###### Security Requirement in a Referenced Document + +See [Resolving Implicit Connections](#resolvingImplicitConnections) for more information. + +Entry document `openapi.yaml`: + +```YAML +components: + securitySchemes: + MySecurity: + type: http + scheme: bearer + bearerFormat: JWT +paths: + /foo: + $ref: "other.yaml#/components/pathItems/Foo" +``` + +Referenced document `other.yaml`: + +```YAML +components: + securitySchemes: + MySecurity: + type: http + scheme: basic + pathItems: + Foo: + get: + security: + - MySecurity: [] +``` + +In this example, it is implementation-defined whether the Security Requirement for "MySecurity" in `other.yaml` resolves to `other.yaml#/components/securitySchemes/MySecurity` or the RECOMMENDED resolved location of `openapi.yaml#/components/securitySchemes/MySecurity`. + ### Specification Extensions While the OpenAPI Specification tries to accommodate most use cases, additional data can be added to extend the specification at certain points. From ae356913c0a85b1a4a5de124bbc6331ded71af16 Mon Sep 17 00:00:00 2001 From: Henry Andrews Date: Tue, 11 Jun 2024 07:59:07 -0700 Subject: [PATCH 123/251] Fix stray random characters (review feedback) Co-authored-by: Ralf Handl --- versions/3.0.4.md | 1 - 1 file changed, 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 876ff94100..154b6924f1 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -175,7 +175,6 @@ If the same JSON/YAML object is parsed multiple times and the respective context #### Resolving Implicit Connections Several features of this specification require resolution of non-URI-based connections to some other part of the OpenAPI Description (OAD). -`` These connections are unambiguously resolved in single-document OADs, but the resolution process in multi-document OADs is _implementation-defined_, within the constraints described in this section. In some cases, an unambiguous URI-based alternative is available, and OAD authors are RECOMMENDED to always use the alternative: From c8a154feff083493d7b97eea62a8ee2968473c75 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Tue, 11 Jun 2024 09:33:42 -0700 Subject: [PATCH 124/251] example as YAML/JSON via HTTP negotiation --- versions/3.0.4.md | 73 +++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 67 insertions(+), 6 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 154b6924f1..00d7bb0b1a 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -3802,9 +3802,38 @@ security: See [Resolving Implicit Connections](#resolvingImplicitConnections) for more information. -Entry document `openapi.yaml`: +First, our entry document is where parsing begins. It defines the `MySecurity` security scheme to be JWT-based, and it defines on Path Item as a reference to a component in another document: -```YAML +```HTTP +GET /api/description/openapi HTTP/1.1 +Host: www.example.com +Accept: application/openapi+json +``` + +```json +"components": { + "securitySchemes": { + "MySecurity": { + "type": "http", + "scheme": "bearer", + "bearerFormat": "JWT" + } + } +}, +"paths": { + "/foo": { + "$ref": "other#/components/pathItems/Foo" + } +} +``` + +```HTTP +GET /api/description/openapi HTTP/1.1 +Host: www.example.com +Accept: application/openapi+yaml +``` + +```yaml components: securitySchemes: MySecurity: @@ -3813,12 +3842,44 @@ components: bearerFormat: JWT paths: /foo: - $ref: "other.yaml#/components/pathItems/Foo" + $ref: "other#/components/pathItems/Foo" ``` -Referenced document `other.yaml`: +Next, we have our referenced document, `other`, that we presumably request in the same format we requested for the entry document. But the fact that we don't use file extensions gives the client the flexibilty to choose on a resource-by-resource basis, assuming both representations are available: -```YAML +```HTTP +GET /api/description/other HTTP/1.1 +Host: www.example.com +Accept: application/openapi+json +``` + +```json +"components": { + "securitySchemes": { + "MySecurity": { + "type": "http", + "scheme": "basic" + } + }, + "pathItems": { + "Foo": { + "get": { + "security": [ + "MySecurity": [] + ] + } + } + } +} +``` + +```HTTP +GET /api/description/other HTTP/1.1 +Host: www.example.com +Accept: application/openapi+yaml +``` + +```yaml components: securitySchemes: MySecurity: @@ -3831,7 +3892,7 @@ components: - MySecurity: [] ``` -In this example, it is implementation-defined whether the Security Requirement for "MySecurity" in `other.yaml` resolves to `other.yaml#/components/securitySchemes/MySecurity` or the RECOMMENDED resolved location of `openapi.yaml#/components/securitySchemes/MySecurity`. +In this `other` document, the reference path item has a Security Requirement for the Security Scheme "MySecurity". But there is a Security Scheme by that name in the `other` document as well. As discussed in [Resolving Implicit Connections](#resolvingImplicitConnections), which "MySecurity" gets used is [implementation-defined](#undefinedAndImplementationDefinedBehavior). However, as also documented in that section, it is RECOMMENDED that tools resolve component names from the [entry document](#documentStructure). As with all implementation-defined behavior, it is important to check tool documentation to determine which behavior is supported. ### Specification Extensions From 80ec461b2747824e329e22ff6eebd0c40bb0836c Mon Sep 17 00:00:00 2001 From: Henry Andrews Date: Tue, 11 Jun 2024 11:19:26 -0700 Subject: [PATCH 125/251] Formatting fix (review feedback) Co-authored-by: Ralf Handl --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 00d7bb0b1a..54006e4bb2 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -3865,7 +3865,7 @@ Accept: application/openapi+json "Foo": { "get": { "security": [ - "MySecurity": [] + "MySecurity": [] ] } } From 1639c5d43792bebb9229d796e2901773974ed0ee Mon Sep 17 00:00:00 2001 From: Henry Andrews Date: Wed, 12 Jun 2024 10:03:00 -0700 Subject: [PATCH 126/251] Apply suggestions from code review Co-authored-by: Jeremy Fiel <32110157+jeremyfiel@users.noreply.github.com> --- versions/3.0.4.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 54006e4bb2..d0a9538f75 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -3802,7 +3802,7 @@ security: See [Resolving Implicit Connections](#resolvingImplicitConnections) for more information. -First, our entry document is where parsing begins. It defines the `MySecurity` security scheme to be JWT-based, and it defines on Path Item as a reference to a component in another document: +First, our entry document is where parsing begins. It defines the `MySecurity` security scheme to be JWT-based, and it defines a Path Item as a reference to a component in another document: ```HTTP GET /api/description/openapi HTTP/1.1 @@ -3845,7 +3845,7 @@ paths: $ref: "other#/components/pathItems/Foo" ``` -Next, we have our referenced document, `other`, that we presumably request in the same format we requested for the entry document. But the fact that we don't use file extensions gives the client the flexibilty to choose on a resource-by-resource basis, assuming both representations are available: +Next, we have our referenced document, `other`. The fact that we don't use file extensions gives the client the flexibility to choose an acceptable format on a resource-by-resource basis, assuming both representations are available: ```HTTP GET /api/description/other HTTP/1.1 @@ -3892,7 +3892,7 @@ components: - MySecurity: [] ``` -In this `other` document, the reference path item has a Security Requirement for the Security Scheme "MySecurity". But there is a Security Scheme by that name in the `other` document as well. As discussed in [Resolving Implicit Connections](#resolvingImplicitConnections), which "MySecurity" gets used is [implementation-defined](#undefinedAndImplementationDefinedBehavior). However, as also documented in that section, it is RECOMMENDED that tools resolve component names from the [entry document](#documentStructure). As with all implementation-defined behavior, it is important to check tool documentation to determine which behavior is supported. +In the `other` document, the referenced path item has a Security Requirement for a Security Scheme, `MySecurity`. The same Security Scheme exists in the original entry document. As outlined in [Resolving Implicit Connections](#resolvingImplicitConnections), `MySecurity` is resolved with an [implementation-defined behavior](#undefinedAndImplementationDefinedBehavior). However, documented in that section, it is RECOMMENDED that tools resolve component names from the [entry document](#documentStructure). As with all implementation-defined behavior, it is important to check tool documentation to determine which behavior is supported. ### Specification Extensions From 64bba018d1ec5f9c16a317c5ad6841987c3cf19a Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Thu, 13 Jun 2024 11:52:19 -0700 Subject: [PATCH 127/251] Fix heading levels An off-by-one caused respec to change all subsequent heading levels. --- versions/3.0.4.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 8dda05e8ba..40adbb6f1a 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -2447,7 +2447,7 @@ The Header Object follows the structure of the [Parameter Object](#parameterObje 1. `in` MUST NOT be specified, it is implicitly in `header`. 1. All traits that are affected by the location MUST be applicable to a location of `header` (for example, [`style`](#parameterStyle)). This means that `allowEmptyValue` and `allowReserved` MUST NOT be used, and `style`, if used, MUST be limited to `simple`. -###### Common Fixed Fields +##### Common Fixed Fields These fields MAY be used with either `content` or `schema`. @@ -2457,7 +2457,7 @@ Field Name | Type | Description required | `boolean` | Determines whether this header is mandatory. The default value is `false`. deprecated | `boolean` | Specifies that the header is deprecated and SHOULD be transitioned out of usage. Default value is `false`. -###### Fixed Fields for use with `schema` +##### Fixed Fields for use with `schema` For simpler scenarios, a [`schema`](#headerSchema) and [`style`](#headerStyle) can describe the structure and syntax of the header. When `example` or `examples` are provided in conjunction with the `schema` object, the example MUST follow the prescribed serialization strategy for the header. @@ -2477,7 +2477,7 @@ Field Name | Type | Description See also [Appendix C: Using RFC6570 Implementations](#usingRFC6570Implementations) for additional guidance. -###### Fixed Fields for use with `content` +##### Fixed Fields for use with `content` For more complex scenarios, the [`content`](#headerContent) property can define the media type and schema of the header, as well as give examples of its use. Using `content` with a `text/plain` media type is RECOMMENDED for headers where the `schema` strategy is not appropriate. From d4ae1ddd57bc818b849ad0d6bb2335f5819888bc Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Sun, 9 Jun 2024 10:55:39 -0700 Subject: [PATCH 128/251] Fix XML namespace syntax The XML Object's namespace field was changed from "URL" to "absolute URI" because relative references in a namespace are deprecated by XML, and the base URI to use for resolving them in the context of an OpenAPI Description is unclear. However, XML namespaces can include fragments, and the correct term is "non-relative URI" rather than "absolute URI" which forbids fragments. This change includes additional guidance on how XML usage and the requirements of this specification do not quite align. --- versions/3.0.4.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 8dda05e8ba..7f544024c0 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -3183,13 +3183,19 @@ See examples for expected behavior. Field Name | Type | Description ---|:---:|--- name | `string` | Replaces the name of the element/attribute used for the described schema property. When defined within `items`, it will affect the name of the individual XML elements within the list. When defined alongside `type` being `array` (outside the `items`), it will affect the wrapping element and only if `wrapped` is `true`. If `wrapped` is `false`, it will be ignored. -namespace | `string` | The URI of the namespace definition. Value MUST be in the form of an absolute URI. +namespace | `string` | The URI of the namespace definition. Value MUST be in the form of a non-relative URI. prefix | `string` | The prefix to be used for the [name](#xmlName). attribute | `boolean` | Declares whether the property definition translates to an attribute instead of an element. Default value is `false`. wrapped | `boolean` | MAY be used only for an array definition. Signifies whether the array is wrapped (for example, ``) or unwrapped (``). Default value is `false`. The definition takes effect only when defined alongside `type` being `array` (outside the `items`). This object MAY be extended with [Specification Extensions](#specificationExtensions). +The `namespace` keyword is intended to match the syntax of [XML namespaces](https://www.w3.org/TR/xml-names11/), although there are a few caveats: + +* Version 3.0.3 and earlier of this specification erroneously used the term "absolute URI" instead of "non-relative URI", so authors using namespaces that include a fragment should check tooling support carefully. +* XML allows but discourages relative URI-references, while this specification outright forbids them. +* XML 1.1 allows IRIs ([RFC3987](https://datatracker.ietf.org/doc/html/rfc3987)) as namespaces, and specifies that namespaces are compared without any encoding or decoding, which means that IRIs encoded to meet this specification's URI syntax requirement cannot be compared to IRIs as-is. + ##### XML Object Examples Each of the following examples represent the value of the `properties` keyword in a [Schema Object](#schemaObject) that is omitted for brevity. From 7b3d9d9e91ce9335c9e3547a99af1e3dd6316a74 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Thu, 13 Jun 2024 12:22:08 -0700 Subject: [PATCH 129/251] Clarify discriminator non-impact on validation Be very explicit that discriminator MUST NOT change the validation outcome, and explain the implication for the "allOf" use case. --- versions/3.0.4.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 8dda05e8ba..78c4643e79 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -3026,6 +3026,8 @@ When request bodies or response payloads may be one of a number of different sch This hint can be used to aid in serialization, deserialization, and validation. The Discriminator Object does this by implicitly or explicitly associating the possible values of a named property with alternative schemas. +Note that `discriminator` MUST NOT change the validation outcome of the schema. + ##### Fixed Fields Field Name | Type | Description ---|:---:|--- @@ -3034,11 +3036,16 @@ Field Name | Type | Description ##### Conditions for Using the Discriminator Object The Discriminator Object is legal only when using one of the composite keywords `oneOf`, `anyOf`, `allOf`. + In both the `oneOf` and `anyOf` use cases, where those keywords are adjacent to `discriminator`, all possible schemas MUST be listed explicitly. + To avoid redundancy, the discriminator MAY be added to a parent schema definition, and all schemas building on the parent schema via an `allOf` construct may be used as an alternate schema. It is implementation-defined as to whether all named [Schema Objects](#schemaObject) under the [Components Object](#componentsObject), or only those that are otherwise directly referenced are searched for `allOf` references to the parent schema. However, it is RECOMMENDED to search all named schemas in the Components Object because it is common with the `allOf` usage for other parts of the API to only directly reference the parent schema. +The `allOf` form of `discriminator` is _only_ useful for non-validation use cases; validation with the parent schema with this form of `discriminator` _does not_ perform a search for child schemas or use them in validation in any way. +This is because `discriminator` cannot change the validation outcome, and no standard JSON Schema keyword connects the parent schema to the child schemas. + The behavior of any configuration of `oneOf`, `anyOf`, `allOf` and `discriminator` that is not described above is undefined. ##### Options for Mapping Values to Schemas From 7dd77192ada6bfaefe371e27711eef033ab5f092 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Thu, 13 Jun 2024 12:26:38 -0700 Subject: [PATCH 130/251] 3.0 uses URLs not URIs in refs --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index d0a9538f75..d13d1ab904 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -208,7 +208,7 @@ These limitations are expected to be addressed in a future release. See [Security Requirement in a Referenced Document](#security-requirement-in-a-referenced-document) for an example of the possible resolutions, including which one is recommended by this section. The behavior for Discrimator Object non-URI mappings and for the Operation Object's `tags` field operate on the same principles. -Note that no aspect of implicit connection resolution changes how [URIs are resolved](#relativeReferencesURI), or restricts their possible targets. +Note that no aspect of implicit connection resolution changes how [URLs are resolved](#relativeReferences), or restricts their possible targets. ### Data Types From 58052838d769277aa10af66d6d79b805f73d484d Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Thu, 13 Jun 2024 13:22:21 -0700 Subject: [PATCH 131/251] Use document/description/definition consistently This tries to be consistent about using "describe" rather than "define" and using "description" for the entire potentially-multi-document thing, and "document" (or sometimes "description document") to refer to individual documents in the description. --- versions/3.0.4.md | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 8dda05e8ba..f7dc5e8493 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -126,11 +126,11 @@ The OpenAPI Specification is versioned using a `major`.`minor`.`patch` versionin Occasionally, non-backwards compatible changes may be made in `minor` versions of the OAS where impact is believed to be low relative to the benefit provided. -An OpenAPI document compatible with OAS 3.\*.\* contains a required [`openapi`](#oasVersion) field which designates the version of the OAS that it uses. +An OpenAPI description document compatible with OAS 3.\*.\* contains a required [`openapi`](#oasVersion) field which designates the version of the OAS that it uses. ### Format -An OpenAPI document that conforms to the OpenAPI Specification is itself a JSON object, which may be represented either in JSON or YAML format. +An OpenAPI description document that conforms to the OpenAPI Specification is itself a JSON object, which may be represented either in JSON or YAML format. For example, if a field has an array value, the JSON array representation will be used: @@ -151,7 +151,7 @@ In order to preserve the ability to round-trip between YAML and JSON formats, YA - Tags MUST be limited to those allowed by [YAML's JSON schema ruleset](https://yaml.org/spec/1.2/spec.html#id2803231), which defines a subset of the YAML syntax and is unrelated to [JSON Schema](https://tools.ietf.org/html/draft-wright-json-schema-00). - Keys used in YAML maps MUST be limited to a scalar string, as defined by the [YAML Failsafe schema ruleset](https://yaml.org/spec/1.2/spec.html#id2802346). -**Note:** While APIs may be defined by OpenAPI documents in either YAML or JSON format, the API request and response bodies and other content are not required to be JSON or YAML. +**Note:** While APIs may be described by OpenAPI documents in either YAML or JSON format, the API request and response bodies and other content are not required to be JSON or YAML. ### OpenAPI Description Structure @@ -2285,9 +2285,9 @@ Field Name | Type | Description This object MAY be extended with [Specification Extensions](#specificationExtensions). A linked operation MUST be identified using either an `operationRef` or `operationId`. -In the case of an `operationId`, it MUST be unique and resolved in the scope of the OAS document. +In the case of an `operationId`, it MUST be unique and resolved in the scope of the OpenAPI description. Because of the potential for name clashes, the `operationRef` syntax is preferred -for specifications with external references. +for multi-document OpenAPI descriptions. Note that it is not possible to provide a constant value to `parameters` that matches the syntax of a runtime expression. It is possible to have ambiguous parameter names, e.g. `name: id, in: path` and `name: path.id, in: query`; this is NOT RECOMMENDED and the behavior is implementation-defined, however implementations SHOULD prefer the qualified interpretation (`path.id` as a path parameter), as the names can always be qualified to disambiguate them (e.g. using `query.path.id` for the query paramter). @@ -3078,7 +3078,7 @@ MyResponseType: propertyName: petType ``` -The expectation now is that a property with name `petType` _MUST_ be present in the response payload, and the value will correspond to the name of a schema defined in the OAS document. Thus the response payload: +The expectation now is that a property with name `petType` _MUST_ be present in the response payload, and the value will correspond to the name of a schema defined in the OpenAPI description. Thus the response payload: ```json { @@ -3795,7 +3795,7 @@ Two examples of this: ### OpenAPI Document Formats -OpenAPI documents use JSON, YAML, and JSON Schema, and therefore share their security considerations: +OpenAPI description documents use JSON, YAML, and JSON Schema, and therefore share their security considerations: - [JSON](https://www.iana.org/assignments/media-types/application/json) - [YAML](https://www.iana.org/assignments/media-types/application/yaml) - [JSON Schema Core](https://json-schema.org/draft/2020-12/json-schema-core#section-13) @@ -3803,15 +3803,15 @@ OpenAPI documents use JSON, YAML, and JSON Schema, and therefore share their sec ### Tooling and Usage Scenarios -In addition, OpenAPI documents are processed by a wide variety of tooling for numerous different purposes, such as client code generation, documentation generation, server side routing, and API testing. OpenAPI document authors must consider the risks of the scenarios where the OpenAPI document may be used. +In addition, OpenAPI description documents are processed by a wide variety of tooling for numerous different purposes, such as client code generation, documentation generation, server side routing, and API testing. OpenAPI description authors must consider the risks of the scenarios where the OpenAPI description may be used. ### Security Schemes -An OpenAPI document describes the security schemes used to protect the resources it defines. The security schemes available offer varying degrees of protection. Factors such as the sensitivity of the data and the potential impact of a security breach should guide the selection of security schemes for the API resources. Some security schemes, such as basic auth and OAuth Implicit flow, are supported for compatibility with existing APIs. However, their inclusion in OpenAPI does not constitute an endorsement of their use, particularly for highly sensitive data or operations. +An OpenAPI description describes the security schemes used to protect the resources it defines. The security schemes available offer varying degrees of protection. Factors such as the sensitivity of the data and the potential impact of a security breach should guide the selection of security schemes for the API resources. Some security schemes, such as basic auth and OAuth Implicit flow, are supported for compatibility with existing APIs. However, their inclusion in OpenAPI does not constitute an endorsement of their use, particularly for highly sensitive data or operations. ### Handling External Resources -OpenAPI documents may contain references to external resources that may be dereferenced automatically by consuming tools. External resources may be hosted on different domains that may be untrusted. References in an OpenAPI document, or across OpenAPI documents may cause a cycle. Tooling must detect and handle cycles to prevent resource exhaustion. +OpenAPI description documents may contain references to external resources that may be dereferenced automatically by consuming tools. External resources may be hosted on different domains that may be untrusted. References in an OpenAPI document, or across OpenAPI documents within a multi-document OpenAPI description, may cause a cycle. Tooling must detect and handle cycles to prevent resource exhaustion. ### Markdown and HTML Sanitization From 97a735999f8a7d84e9246805a3741f7d163f6afe Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Fri, 14 Jun 2024 15:41:59 -0700 Subject: [PATCH 132/251] Fix stray mentions of parameters in other objects Encoding Object and Header Object descriptions had a few incorrect usages of "parameter" or related text left in. --- versions/3.0.4.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 8dda05e8ba..8393eecd36 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1697,7 +1697,7 @@ Field Name | Type | Description ---|:---:|--- style | `string` | Describes how a specific property value will be serialized depending on its type. See [Parameter Object](#parameterObject) for details on the [`style`](#parameterStyle) property. The behavior follows the same values as `query` parameters, including default values. Note that the initial `?` using in query strings is not used in `applcation/x-www-form-urlencoded` message bodies, and MUST be removed (if using an RFC6570 implementation) or simply not added (if constructing the string manually). This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. explode | `boolean` | When this is true, property values of type `array` or `object` generate separate parameters for each value of the array, or key-value-pair of the map. For other types of properties this property has no effect. When [`style`](#encodingStyle) is `form`, the default value is `true`. For all other styles, the default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. -allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#autoid-20), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#autoid-13), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#autoid-24) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#usingRFC6570Implementations) and [E](#percentEncodingAndFormMediaTypes) for details. This property only applies to parameters with an `in` value of `query`. The default value is `false`. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. +allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#autoid-20), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#autoid-13), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#autoid-24) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#usingRFC6570Implementations) and [E](#percentEncodingAndFormMediaTypes) for details. The default value is `false`. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. See also [Appendix C: Using RFC6570 Implementations](#usingRFC6570Implementations) for additional guidance. @@ -2464,7 +2464,7 @@ When `example` or `examples` are provided in conjunction with the `schema` objec Serializing with `schema` is NOT RECOMMENDED for headers with parameters (name=value pairs following a `;`) in their values, or where values might have non-URL-safe characters; see [Appendix D](#serializingHeadersAndCookies) for details. -When `example` or `examples` are provided in conjunction with the `schema` object, the example SHOULD match the specified schema and follow the prescribed serialization strategy for the parameter. +When `example` or `examples` are provided in conjunction with the `schema` object, the example SHOULD match the specified schema and follow the prescribed serialization strategy for the header. The `example` and `examples` fields are mutually exclusive, and if either is present it SHALL _override_ any `example` in the schema. Field Name | Type | Description From 4a4289f95c65802390b4affc9da97835f0122fe7 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Sat, 15 Jun 2024 09:44:24 -0700 Subject: [PATCH 133/251] Include Header Object in data serialization list The PR adding Appendix B pre-dated giving the Header Object its own field tables. This adds "Header Object" to the list of relevant Objects along with the Paramter Object and the Encoding Object. --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 40adbb6f1a..a587e52b78 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -3842,7 +3842,7 @@ Serializing typed data to plain text, which can occur in `text/plain` message bo Schema Objects validate data based on the [JSON Schema data model](https://datatracker.ietf.org/doc/html/draft-wright-json-schema-00#section-4.2), which only recognizes four primitive data types: strings (which are [only broadly interoperable as UTF-8](https://datatracker.ietf.org/doc/html/rfc7159#section-8.1)), numbers, booleans, and `null`. Notably, integers are not a distinct type from other numbers, with `type: integer` being a convenience defined mathematically, rather than based on the presence or absence of a decimal point in any string representation. -The [Parameter Object](#parameterObject) and [Encoding Object](#encodingObject) offer features to control how to arrange values from array or object types. +The [Parameter Object](#parameterObject), [Header Object](#headerObject) and [Encoding Object](#encodingObject) offer features to control how to arrange values from array or object types. They can also be used to control how strings are further encoded to avoid reserved or illegal characters. However, there is no general-purpose specification for converting schema-validated non-UTF-8 primitive data types (or entire arrays or objects) to strings. From eabf995ac1179fdd3fb1b791c9dc457bc06731ad Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Mon, 17 Jun 2024 11:36:56 -0700 Subject: [PATCH 134/251] Consisent x- Param/Encoding/Header wording (3.0.4) It was a bit challenging to figure out where to put the wording about allowing extension parameters when there are multiple fixed fields tables, each in their own subsection. For the Parameter Object (the only one with multiple tables in past releases), it had been after the last table, but that got further and further away from what felt like the main part of the Object description. I thought I had put it consistently after the initial "Common Fixed Fields" table, but I put it even before that in one place (which we don't do anywhere), and I forgot to include it in the Header Object at all. This change puts it after the Common Fixed Fields table for all three, which means that for all Objects it is immediately after the first Fixed Fields table. --- versions/3.0.4.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index bcdcd11cef..db7b45c044 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1108,8 +1108,6 @@ The rules for serialization of the parameter are specified in one of two ways. Parameter Objects MUST include either a `content` field or a `schema` field, but not both. See [Appendix B](#dataTypeConversion) for a discussion of converting values of various types to string representations. -This object MAY be extended with [Specification Extensions](#specificationExtensions). - ###### Common Fixed Fields These fields MAY be used with either `content` or `schema`. @@ -1123,6 +1121,8 @@ Field Name | Type | Description deprecated | `boolean` | Specifies that a parameter is deprecated and SHOULD be transitioned out of usage. Default value is `false`. allowEmptyValue | `boolean` | If `true`, clients MAY pass a zero-length string value in place of parameters that would otherwise be omitted entirely, which the server SHOULD interpret as the parameter being unused. Default value is `false`. If [`style`](#parameterStyle) is used, and if [behavior is _n/a_ (cannot be serialized)](#style-examples), the value of `allowEmptyValue` SHALL be ignored. Interactions between this field and the parameter's [Schema Object](#schemaObject) are implementation-defined. This field is valid only for `query` parameters. Use of this property is NOT RECOMMENDED, and it is likely to be removed in a later revision. +This object MAY be extended with [Specification Extensions](#specificationExtensions). + Note that while `"Cookie"` as a `name` is not forbidden with `in: header`, the effect of defining a cookie parameter that way is undefined; use `in: cookie` instead. ###### Fixed Fields for use with `schema` @@ -2493,6 +2493,8 @@ Field Name | Type | Description required | `boolean` | Determines whether this header is mandatory. The default value is `false`. deprecated | `boolean` | Specifies that the header is deprecated and SHOULD be transitioned out of usage. Default value is `false`. +This object MAY be extended with [Specification Extensions](#specificationExtensions). + ##### Fixed Fields for use with `schema` For simpler scenarios, a [`schema`](#headerSchema) and [`style`](#headerStyle) can describe the structure and syntax of the header. From 6a72329c8da62c83af1542bcbba1aedb5327887c Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Sat, 15 Jun 2024 16:51:23 -0700 Subject: [PATCH 135/251] Minor editiorial and link target fixes (3.0.4) * Fix a copy-paste error that broke a link in an appendix * Fix a sentence that just kind of... wandered off * Prevent line breaks after the `?` in the form examples --- versions/3.0.4.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index db7b45c044..3918dc0784 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1197,14 +1197,14 @@ label | false | . | .blue | .blue,black,brown | .R,100,G,200,B,150 label | true | . | .blue | .blue.black.brown | .R=100.G=200.B=150 simple | false | _empty_ | blue | blue,black,brown | R,100,G,200,B,150 simple | true | _empty_ | blue | blue,black,brown | R=100,G=200,B=150 -form | false | ?color= | ?color=blue | ?color=blue,black,brown | ?color=R,100,G,200,B,150 -form | true | ?color= | ?color=blue | ?color=blue&color=black&color=brown | ?R=100&G=200&B=150 -spaceDelimited | false | _n/a_ | _n/a_ | ?color=blue%20black%20brown | ?color=R%20100%20G%20200%20B%20150 +form | false | ?color= | ?color=blue | ?color=blue,black,brown | ?color=R,100,G,200,B,150 +form | true | ?color= | ?color=blue | ?color=blue&color=black&color=brown | ?R=100&G=200&B=150 +spaceDelimited | false | _n/a_ | _n/a_ | ?color=blue%20black%20brown | ?color=R%20100%20G%20200%20B%20150 spaceDelimited | true | _n/a_ | _n/a_ | _n/a_ | _n/a_ -pipeDelimited | false | _n/a_ | _n/a_ | ?color=blue%7Cblack%7Cbrown | ?color=R%7C100%7CG%7C200%7CB%7C150 +pipeDelimited | false | _n/a_ | _n/a_ | ?color=blue%7Cblack%7Cbrown | ?color=R%7C100%7CG%7C200%7CB%7C150 pipeDelimited | true | _n/a_ | _n/a_ | _n/a_ | _n/a_ deepObject | false | _n/a_ | _n/a_ | _n/a_ | _n/a_ -deepObject | true | _n/a_ | _n/a_ | _n/a_ | ?color%5BR%5D=100&color%5BG%5D=200&color%5BB%5D=150 +deepObject | true | _n/a_ | _n/a_ | _n/a_ | ?color%5BR%5D=100&color%5BG%5D=200&color%5BB%5D=150 ##### Parameter Object Examples @@ -3917,7 +3917,7 @@ The extensions properties are implemented as patterned fields that are always pr Field Pattern | Type | Description ---|:---:|--- -^x- | Any | Allows extensions to the OpenAPI Schema. The field name MUST begin with `x-`, for example, `x-internal-id`. The value can be any valid JSON format value (`null`, a primitive, an array or an object.) +^x- | Any | Allows extensions to the OpenAPI Schema. The field name MUST begin with `x-`, for example, `x-internal-id`. The value can be any valid JSON value (`null`, a primitive, an array or an object.) The OpenAPI Initiative maintains several [extension registries](https://spec.openapis.org/registry/index.html), including registries for [individual extension keywords](https://spec.openapis.org/registry/extension/) and [extension keyword namespaces](https://spec.openapis.org/registry/namespace/). @@ -4149,7 +4149,7 @@ parameters: We can't combine the `?` and `+` RFC6570 prefixes, and there's no way with RFC6570 to replace the `,` separator with a space character. So we need to restructure the data to fit a manually constructed URI Template that passes all of the pieces through the right sort of expansion. -Here is one such template, using a made-up convention of `words.0` for the first entry in the words value, `words.1` for the second. +Here is one such template, using a made-up convention of `words.0` for the first entry in the words value, `words.1` for the second, and `words.2` for the third: ```urlencoded ?a={+a}&b={+b}&c={+c}&words={words.0} {words.1} {words.2} @@ -4162,7 +4162,7 @@ We'll also need to pre-process the values for `formulas` because while `/` and m Setting `allowReserved: true` does _not_ make reserved characters that are not allowed in URIs allowed, it just allows them to be _passed through expansion unchanged._ Therefore, any tooling still needs to percent-encode those characters because reserved expansion will not do it, but it _will_ leave the percent-encoded triples unchanged. -See also [Appendix E](#to indicate name hierarchy in substructures) for further guidance on percent-encoding and form media types, including guidance on handling the delimiter characters for `spaceDelimited`, `pipeDelimited`, and `deepObject` in parameter names and values. +See also [Appendix E](#percentEncodingAndFormMediaTypes) for further guidance on percent-encoding and form media types, including guidance on handling the delimiter characters for `spaceDelimited`, `pipeDelimited`, and `deepObject` in parameter names and values. So here is our data structure that arranges the names and values to suit the template above, where values for `formulas` have `[]#&=+` pre-percent encoded (although only `+` appears in this example): From 8baca79f33913d04f65a8d6263ef1cd5c3080bdc Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Wed, 19 Jun 2024 09:08:07 -0700 Subject: [PATCH 136/251] format: byte also defaults to octet-stream (3.0.4) The description of defaults in the `contentType` fixed fields table in 3.0.3 did not match the description in the Media Type Object's "Considerations for multipart" section. The "considerations for multipart" section appears to be more complete and correct in both 3.0.3 and 3.1.1, so this adjusts that table that replaced the fixed field defaults description to match the "considerations for multipart" section. --- versions/3.0.4.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 3918dc0784..56b37ec066 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1717,8 +1717,8 @@ The default values for `contentType` are as follows, where an _n/a_ in the `form Property `type` | Property `format` | Default `contentType` ------------- | --------------- | --------------------- -`string` | `binary` | `application/octet-stream` -`string` | _none, or any except `binary`_ | `text/plain` +`string` | `binary` _or_ `byte` | `application/octet-stream` +`string` | _none, or any except `binary` or `byte`_ | `text/plain` `number`, `integer`, or `boolean` | _n/a_ | `text/plain` `object` | _n/a_ | `application/json` `array` | _n/a_ | according to the `type` and `format` of the `items` schema From e37325e6a3bb4b5feea54422d00607cc65bc001d Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Wed, 19 Jun 2024 10:44:52 -0700 Subject: [PATCH 137/251] More definition -> description --- versions/3.0.4.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index f7dc5e8493..59c9ee5a68 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -10,7 +10,7 @@ This document is licensed under [The Apache License, Version 2.0](https://www.ap The OpenAPI Specification (OAS) defines a standard, language-agnostic interface to RESTful APIs which allows both humans and computers to discover and understand the capabilities of the service without access to source code, documentation, or through network traffic inspection. When properly defined, a consumer can understand and interact with the remote service with a minimal amount of implementation logic. -An OpenAPI definition can then be used by documentation generation tools to display the API, code generation tools to generate servers and clients in various programming languages, testing tools, and many other use cases. +An OpenAPI description can then be used by documentation generation tools to display the API, code generation tools to generate servers and clients in various programming languages, testing tools, and many other use cases. For examples of OpenAPI usage and additional documentation, please visit [learn.openapis.org](https://learn.openapis.org/). @@ -2275,7 +2275,7 @@ For computing links, and providing instructions to execute them, a [runtime expr Field Name | Type | Description ---|:---:|--- -operationRef | `string` | A relative or absolute URI reference to an OAS operation. This field is mutually exclusive of the `operationId` field, and MUST point to an [Operation Object](#operationObject). Relative `operationRef` values MAY be used to locate an existing [Operation Object](#operationObject) in the OpenAPI definition. +operationRef | `string` | A relative or absolute URI reference to an OAS operation. This field is mutually exclusive of the `operationId` field, and MUST point to an [Operation Object](#operationObject). Relative `operationRef` values MAY be used to locate an existing [Operation Object](#operationObject) in the OpenAPI description. operationId | `string` | The name of an _existing_, resolvable OAS operation, as defined with a unique `operationId`. This field is mutually exclusive of the `operationRef` field. parameters | Map[`string`, Any \| [{expression}](#runtimeExpression)] | A map representing parameters to pass to an operation as specified with `operationId` or identified via `operationRef`. The key is the parameter name to be used (optionally qualified with the parameter location, e.g. `path.id` for an `id` parameter in the path), whereas the value can be a constant or an expression to be evaluated and passed to the linked operation. requestBody | Any \| [{expression}](#runtimeExpression) | A literal value or [{expression}](#runtimeExpression) to use as a request body when calling the target operation. From 72f0aa6ed513d62887d927a63daea0aa605fedf5 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Wed, 19 Jun 2024 16:32:08 -0700 Subject: [PATCH 138/251] Start consolidating media / encoding guidance This just moves (and occasionally copies) blocks of text and/or examples in preparation form more substantial streamlining. No modifications were made to any block. --- versions/3.0.4.md | 216 +++++++++++++++++++++++----------------------- 1 file changed, 110 insertions(+), 106 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 3918dc0784..9f3b5864ce 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1472,6 +1472,8 @@ Field Name | Type | Description This object MAY be extended with [Specification Extensions](#specificationExtensions). +An `encoding` attribute is introduced to give you control over the serialization of parts of `multipart` request bodies. This attribute is _only_ applicable to request bodies, and _only_ for `multipart` and `application/x-www-form-urlencoded` media types. + ##### Media Type Examples ```json @@ -1578,22 +1580,69 @@ requestBody: To upload multiple files, a `multipart` media type MUST be used: -```yaml -requestBody: - content: - multipart/form-data: - schema: - properties: - # The property name 'file' will be used for all files. - file: - type: array - items: - type: string - format: binary +##### Support for x-www-form-urlencoded Request Bodies -``` +##### Special Considerations for `multipart` Content -##### Support for x-www-form-urlencoded Request Bodies +#### Encoding Object + +A single encoding definition applied to a single schema property. +See [Appendix B](#dataTypeConversion) for a discussion of converting values of various types to string representations. + +Properties are correlated with `multipart` parts using the `name` parameter to `Content-Disposition: form-data`, and with `application/x-www-form-urlencoded` using the query string paramter names. +In both cases, their order is implementation-defined. + +See [Appendix E](#percentEncodingAndFormMediaTypes) for a detailed examination of percent-encoding concerns for form media types. + +###### Common Fixed Fields + +These fields MAY be used either with or without the RFC6570-style serialization fields defined in the next section below. + +Field Name | Type | Description +---|:---:|--- +contentType | `string` | The `Content-Type` for encoding a specific property. The value is a comma-separated list, each element of which is either a specific media type (e.g. `image/png`) or a wildcard media type (e.g. `image/*`). Default value depends on the property type as shown in the table below. +headers | Map[`string`, [Header Object](#headerObject) \| [Reference Object](#referenceObject)] | A map allowing additional information to be provided as headers. `Content-Type` is described separately and SHALL be ignored in this section. This property SHALL be ignored if the request body media type is not a `multipart`. + +This object MAY be extended with [Specification Extensions](#specificationExtensions). + +The default values for `contentType` are as follows, where an _n/a_ in the `format` column means that the presence or value of `format` is irrelevant: + +Property `type` | Property `format` | Default `contentType` +------------- | --------------- | --------------------- +`string` | `binary` | `application/octet-stream` +`string` | _none, or any except `binary`_ | `text/plain` +`number`, `integer`, or `boolean` | _n/a_ | `text/plain` +`object` | _n/a_ | `application/json` +`array` | _n/a_ | according to the `type` and `format` of the `items` schema + +Determining how to handle `null` values if `nullable: true` is present depends on how `null` values are being serialized. +If `null` values are entirely omitted, then the `contentType` is irrelevant. +See [Appendix B](#dataTypeConversion) for a discussion of data type conversion options. + +##### Fixed Fields for RFC6570-style Serialization + +Field Name | Type | Description +---|:---:|--- +style | `string` | Describes how a specific property value will be serialized depending on its type. See [Parameter Object](#parameterObject) for details on the [`style`](#parameterStyle) property. The behavior follows the same values as `query` parameters, including default values. Note that the initial `?` using in query strings is not used in `applcation/x-www-form-urlencoded` message bodies, and MUST be removed (if using an RFC6570 implementation) or simply not added (if constructing the string manually). This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. +explode | `boolean` | When this is true, property values of type `array` or `object` generate separate parameters for each value of the array, or key-value-pair of the map. For other types of properties this property has no effect. When [`style`](#encodingStyle) is `form`, the default value is `true`. For all other styles, the default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. +allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#autoid-20), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#autoid-13), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#autoid-24) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#usingRFC6570Implementations) and [E](#percentEncodingAndFormMediaTypes) for details. The default value is `false`. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. + +See also [Appendix C: Using RFC6570 Implementations](#usingRFC6570Implementations) for additional guidance. + +The role of `contentType` with `application/x-www-form-urlencoded` request bodies was not described in detail in version 3.0.3 and earlier of this specification. +To match the intent of these fields and be compatible with version 3.1 of this specification, it is RECOMMENDED that whenever any of `style`, `explode`, or `allowReserved` are present with an explicit value: + +* The value of `contentType`, whether it is explicitly defined or has the default value, is to be ignored +* If any of `style`, `explode`, or `allowReserved` are _not_ present with explicit values, then they are to be treated as if they were present with their default values + +However, if all three of `style`, `explode`, and `allowReserved` fields are absent, it is RECOMMENDED that: + +* All three keywords are to be entirely ignored, rather than treated as having their default values +* Encoding is to be based on `contentType` alone, whether it is present with an explicit value or absent and treated as having its default value + +This makes the presence of at least one of `style`, `explode`, or `allowReserved` with an explicit value equivalent to using `schema` with `in: query` Parameter Objects, and their absence the equivalent of using `content`, but with the media type specified in `contentType` rather than through a Media Type Object. + +See [Appendix E](#percentEncodingAndFormMediaTypes) for a detailed examination of percent-encoding concerns for form media types. To submit content using form url encoding via [RFC1866](https://tools.ietf.org/html/rfc1866), the following definition may be used: @@ -1644,9 +1693,27 @@ Here is the `id` parameter (without `address`) serialized as `application/json` id=%22f81d4fae-7dec-11d0-a765-00a0c91e6bf6%22 ``` -See [Appendix E](#percentEncodingAndFormMediaTypes) for a detailed examination of percent-encoding concerns for form media types. +`application/x-www-form-urlencoded` is a text format, which requires base64-encoding any binary data: -##### Special Considerations for `multipart` Content +```YAML +requestBody: + content: + application/x-www-form-urlencoded: + schema: + type: object + properties: + name: + type: string + icon: + # default is text/plain, need to declare an image type only! + type: string + format: byte + encoding: + icon: + contentType: image/png, image/jpeg +``` + +###### Encoding `multipart` Media Types It is common to use `multipart/form-data` as a `Content-Type` when transferring request bodies to operations. In contrast to 2.0, a `schema` is REQUIRED to define the input parameters to the operation when using `multipart` content. This supports complex structures as well as supporting mechanisms for multiple file uploads. @@ -1658,6 +1725,23 @@ When passing in `multipart` types, boundaries MAY be used to separate sections o Note that only `multipart/*` media types with named parts can be described as shown here. Note also that while `multipart/form-data` originally defined a per-part `Content-Transfer-Encoding` header that could indicate base64 encoding (`format: byte`), it has been deprecated for use with HTTP as of [RFC7578](https://www.rfc-editor.org/rfc/rfc7578#section-4.7). +The `form-data` disposition and its `name` parameter are mandatory for `multipart/form-data` ([RFC7578 §4.2](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.2)). +Array properties are handled by applying the same `name` to multiple parts, as is recommended by [RFC7578 §4.3](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.3) for supplying multiple values per form field. +See [RFC7578 §5](https://www.rfc-editor.org/rfc/rfc7578.html#section-5) for guidance regarding non-ASCII part names. + +Various other `multipart` types, most notable `multipart/mixed` ([RFC2046 §5.1.3](https://www.rfc-editor.org/rfc/rfc2046.html#section-5.1.3)) neither require nor forbid specific `Content-Disposition` values, which means care must be taken to ensure that any values used are supported by all relevant software. +It is not currently possible to correlate schema properties with unnamed, ordered parts in media types such as `multipart/mixed`, but implementations MAY choose to support such types when `Content-Disposition: form-data` is used with a `name` parameter. + +Note that there are significant restrictions on what headers can be used with `multipart` media types in general ([RFC2046 §5.1](https://www.rfc-editor.org/rfc/rfc2046.html#section-5.1)) and `multi-part/form-data` in particular ([RFC7578 §4.8](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.8)). + +Note also that `Content-Transfer-Encoding` is deprecated for `multipart/form-data` ([RFC7578 §4.7](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.7)) where binary data is supported, as it is in HTTP. +Using `format: byte` for a multipart field is equivalent to setting `Content-Transfer-Encoding: base64`. +If `format: byte` is used along with setting a different `Content-Transfer-Encoding` value with the `headers` field, the result is undefined. + +See [Appendix E](#percentEncodingAndFormMediaTypes) for a detailed examination of percent-encoding concerns for form media types. + +##### Encoding Object Example + Examples: ```yaml @@ -1690,83 +1774,6 @@ requestBody: $ref: '#/components/schemas/Address' ``` -An `encoding` attribute is introduced to give you control over the serialization of parts of `multipart` request bodies. This attribute is _only_ applicable to request bodies, and _only_ for `multipart` and `application/x-www-form-urlencoded` media types. - -#### Encoding Object - -A single encoding definition applied to a single schema property. -See [Appendix B](#dataTypeConversion) for a discussion of converting values of various types to string representations. - -Properties are correlated with `multipart` parts using the `name` parameter to `Content-Disposition: form-data`, and with `application/x-www-form-urlencoded` using the query string paramter names. -In both cases, their order is implementation-defined. - -See [Appendix E](#percentEncodingAndFormMediaTypes) for a detailed examination of percent-encoding concerns for form media types. - -###### Common Fixed Fields - -These fields MAY be used either with or without the RFC6570-style serialization fields defined in the next section below. - -Field Name | Type | Description ----|:---:|--- -contentType | `string` | The `Content-Type` for encoding a specific property. The value is a comma-separated list, each element of which is either a specific media type (e.g. `image/png`) or a wildcard media type (e.g. `image/*`). Default value depends on the property type as shown in the table below. -headers | Map[`string`, [Header Object](#headerObject) \| [Reference Object](#referenceObject)] | A map allowing additional information to be provided as headers. `Content-Type` is described separately and SHALL be ignored in this section. This property SHALL be ignored if the request body media type is not a `multipart`. - -This object MAY be extended with [Specification Extensions](#specificationExtensions). - -The default values for `contentType` are as follows, where an _n/a_ in the `format` column means that the presence or value of `format` is irrelevant: - -Property `type` | Property `format` | Default `contentType` -------------- | --------------- | --------------------- -`string` | `binary` | `application/octet-stream` -`string` | _none, or any except `binary`_ | `text/plain` -`number`, `integer`, or `boolean` | _n/a_ | `text/plain` -`object` | _n/a_ | `application/json` -`array` | _n/a_ | according to the `type` and `format` of the `items` schema - -Determining how to handle `null` values if `nullable: true` is present depends on how `null` values are being serialized. -If `null` values are entirely omitted, then the `contentType` is irrelevant. -See [Appendix B](#dataTypeConversion) for a discussion of data type conversion options. - -##### Fixed Fields for RFC6570-style Serialization - -Field Name | Type | Description ----|:---:|--- -style | `string` | Describes how a specific property value will be serialized depending on its type. See [Parameter Object](#parameterObject) for details on the [`style`](#parameterStyle) property. The behavior follows the same values as `query` parameters, including default values. Note that the initial `?` using in query strings is not used in `applcation/x-www-form-urlencoded` message bodies, and MUST be removed (if using an RFC6570 implementation) or simply not added (if constructing the string manually). This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. -explode | `boolean` | When this is true, property values of type `array` or `object` generate separate parameters for each value of the array, or key-value-pair of the map. For other types of properties this property has no effect. When [`style`](#encodingStyle) is `form`, the default value is `true`. For all other styles, the default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. -allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#autoid-20), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#autoid-13), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#autoid-24) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#usingRFC6570Implementations) and [E](#percentEncodingAndFormMediaTypes) for details. The default value is `false`. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. - -See also [Appendix C: Using RFC6570 Implementations](#usingRFC6570Implementations) for additional guidance. - -The role of `contentType` with `application/x-www-form-urlencoded` request bodies was not described in detail in version 3.0.3 and earlier of this specification. -To match the intent of these fields and be compatible with version 3.1 of this specification, it is RECOMMENDED that whenever any of `style`, `explode`, or `allowReserved` are present with an explicit value: - -* The value of `contentType`, whether it is explicitly defined or has the default value, is to be ignored -* If any of `style`, `explode`, or `allowReserved` are _not_ present with explicit values, then they are to be treated as if they were present with their default values - -However, if all three of `style`, `explode`, and `allowReserved` fields are absent, it is RECOMMENDED that: - -* All three keywords are to be entirely ignored, rather than treated as having their default values -* Encoding is to be based on `contentType` alone, whether it is present with an explicit value or absent and treated as having its default value - -This makes the presence of at least one of `style`, `explode`, or `allowReserved` with an explicit value equivalent to using `schema` with `in: query` Parameter Objects, and their absence the equivalent of using `content`, but with the media type specified in `contentType` rather than through a Media Type Object. - -###### Encoding `multipart` Media Types - -The `form-data` disposition and its `name` parameter are mandatory for `multipart/form-data` ([RFC7578 §4.2](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.2)). -Array properties are handled by applying the same `name` to multiple parts, as is recommended by [RFC7578 §4.3](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.3) for supplying multiple values per form field. -See [RFC7578 §5](https://www.rfc-editor.org/rfc/rfc7578.html#section-5) for guidance regarding non-ASCII part names. - -Various other `multipart` types, most notable `multipart/mixed` ([RFC2046 §5.1.3](https://www.rfc-editor.org/rfc/rfc2046.html#section-5.1.3)) neither require nor forbid specific `Content-Disposition` values, which means care must be taken to ensure that any values used are supported by all relevant software. -It is not currently possible to correlate schema properties with unnamed, ordered parts in media types such as `multipart/mixed`, but implementations MAY choose to support such types when `Content-Disposition: form-data` is used with a `name` parameter. - -Note that there are significant restrictions on what headers can be used with `multipart` media types in general ([RFC2046 §5.1](https://www.rfc-editor.org/rfc/rfc2046.html#section-5.1)) and `multi-part/form-data` in particular ([RFC7578 §4.8](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.8)). - -Note also that `Content-Transfer-Encoding` is deprecated for `multipart/form-data` ([RFC7578 §4.7](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.7)) where binary data is supported, as it is in HTTP. -Using `format: byte` for a multipart field is equivalent to setting `Content-Transfer-Encoding: base64`. -If `format: byte` is used along with setting a different `Content-Transfer-Encoding` value with the `headers` field, the result is undefined. - -##### Encoding Object Example - `multipart/form-data` allows for binary parts: ```yaml @@ -1807,24 +1814,21 @@ requestBody: type: integer ``` -`application/x-www-form-urlencoded` is a text format, which requires base64-encoding any binary data: +To upload multiple files, a `multipart` media type MUST be used: -```YAML +```yaml requestBody: content: - application/x-www-form-urlencoded: + multipart/form-data: schema: - type: object properties: - name: - type: string - icon: - # default is text/plain, need to declare an image type only! - type: string - format: byte - encoding: - icon: - contentType: image/png, image/jpeg + # The property name 'file' will be used for all files. + file: + type: array + items: + type: string + format: binary + ``` #### Responses Object From 7636fbf75c1d467aa7193c12e09d5cb9a83a3095 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Wed, 19 Jun 2024 16:39:45 -0700 Subject: [PATCH 139/251] Add section titles, fix levels Make the Parameter, Encoding, and Header Object fixed fields section organization the same in all three places, with the same levels of indentation. Add more headings under the Encoding Object for guidance on each form media type, and sub-headings for each example in each of those sections. This will make the diff for the next commit much more legible. --- versions/3.0.4.md | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 9f3b5864ce..c64accae92 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1594,6 +1594,8 @@ In both cases, their order is implementation-defined. See [Appendix E](#percentEncodingAndFormMediaTypes) for a detailed examination of percent-encoding concerns for form media types. +##### Fixed Fields + ###### Common Fixed Fields These fields MAY be used either with or without the RFC6570-style serialization fields defined in the next section below. @@ -1619,7 +1621,7 @@ Determining how to handle `null` values if `nullable: true` is present depends o If `null` values are entirely omitted, then the `contentType` is irrelevant. See [Appendix B](#dataTypeConversion) for a discussion of data type conversion options. -##### Fixed Fields for RFC6570-style Serialization +###### Fixed Fields for RFC6570-style Serialization Field Name | Type | Description ---|:---:|--- @@ -1642,11 +1644,15 @@ However, if all three of `style`, `explode`, and `allowReserved` fields are abse This makes the presence of at least one of `style`, `explode`, or `allowReserved` with an explicit value equivalent to using `schema` with `in: query` Parameter Objects, and their absence the equivalent of using `content`, but with the media type specified in `contentType` rather than through a Media Type Object. +##### Encoding the `x-www-form-urlencoded` Media Type + See [Appendix E](#percentEncodingAndFormMediaTypes) for a detailed examination of percent-encoding concerns for form media types. To submit content using form url encoding via [RFC1866](https://tools.ietf.org/html/rfc1866), the following definition may be used: +###### Example: URL Encoded Form with JSON Values + ```yaml requestBody: content: @@ -1693,6 +1699,8 @@ Here is the `id` parameter (without `address`) serialized as `application/json` id=%22f81d4fae-7dec-11d0-a765-00a0c91e6bf6%22 ``` +###### Example: URL Encoded Form with Binary Values + `application/x-www-form-urlencoded` is a text format, which requires base64-encoding any binary data: ```YAML @@ -1713,7 +1721,7 @@ requestBody: contentType: image/png, image/jpeg ``` -###### Encoding `multipart` Media Types +##### Encoding `multipart` Media Types It is common to use `multipart/form-data` as a `Content-Type` when transferring request bodies to operations. In contrast to 2.0, a `schema` is REQUIRED to define the input parameters to the operation when using `multipart` content. This supports complex structures as well as supporting mechanisms for multiple file uploads. @@ -1740,7 +1748,7 @@ If `format: byte` is used along with setting a different `Content-Transfer-Encod See [Appendix E](#percentEncodingAndFormMediaTypes) for a detailed examination of percent-encoding concerns for form media types. -##### Encoding Object Example +###### Example: Basic Multipart Form Examples: @@ -1774,6 +1782,8 @@ requestBody: $ref: '#/components/schemas/Address' ``` +###### Example: Multipart Form with Encoding Objects + `multipart/form-data` allows for binary parts: ```yaml @@ -1814,6 +1824,8 @@ requestBody: type: integer ``` +###### Example: Multipart Form with Multiple Files + To upload multiple files, a `multipart` media type MUST be used: ```yaml @@ -2487,7 +2499,9 @@ The Header Object follows the structure of the [Parameter Object](#parameterObje 1. `in` MUST NOT be specified, it is implicitly in `header`. 1. All traits that are affected by the location MUST be applicable to a location of `header` (for example, [`style`](#parameterStyle)). This means that `allowEmptyValue` and `allowReserved` MUST NOT be used, and `style`, if used, MUST be limited to `simple`. -##### Common Fixed Fields +##### Fixed Fields + +###### Common Fixed Fields These fields MAY be used with either `content` or `schema`. @@ -2499,7 +2513,7 @@ Field Name | Type | Description This object MAY be extended with [Specification Extensions](#specificationExtensions). -##### Fixed Fields for use with `schema` +###### Fixed Fields for use with `schema` For simpler scenarios, a [`schema`](#headerSchema) and [`style`](#headerStyle) can describe the structure and syntax of the header. When `example` or `examples` are provided in conjunction with the `schema` object, the example MUST follow the prescribed serialization strategy for the header. @@ -2519,7 +2533,7 @@ Field Name | Type | Description See also [Appendix C: Using RFC6570 Implementations](#usingRFC6570Implementations) for additional guidance. -##### Fixed Fields for use with `content` +###### Fixed Fields for use with `content` For more complex scenarios, the [`content`](#headerContent) property can define the media type and schema of the header, as well as give examples of its use. Using `content` with a `text/plain` media type is RECOMMENDED for headers where the `schema` strategy is not appropriate. From fd71328b0c0ac87568a4c9e271b53811b8a0eaf0 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Wed, 19 Jun 2024 16:46:41 -0700 Subject: [PATCH 140/251] Consolidating form guidance: Media Type Object This puts the useful part of the "An encoding attribute..." text into the fixed fields table, and removes the duplication. It also links the remaining stub or truncated sections to the information's new location under the Encoding Object. --- versions/3.0.4.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index c64accae92..af10819578 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1465,15 +1465,13 @@ See [Working With Examples](#working-with-examples) for further guidance regardi ##### Fixed Fields Field Name | Type | Description ---|:---:|--- -schema | [Schema Object](#schemaObject) \| [Reference Object](#referenceObject) | The schema defining the content of the request, response, or parameter. +schema | [Schema Object](#schemaObject) \| [Reference Object](#referenceObject) | The schema defining the content of the request, response, parameter, or header. example | Any | Example of the media type; see [Working With Examples](#working-with-examples). examples | Map[ `string`, [Example Object](#exampleObject) \| [Reference Object](#referenceObject)] | Examples of the media type; see [Working With Examples](#working-with-examples). -encoding | Map[`string`, [Encoding Object](#encodingObject)] | A map between a property name and its encoding information. The key, being the property name, MUST exist in the schema as a property. The encoding attribute SHALL only apply to [Request Body Objects](#requestBodyObject), and only when the media type is `multipart` or `application/x-www-form-urlencoded`. If no Encoding Object is provided for a property, the behavior is determined by the default values documented for the Encoding Object. +encoding | Map[`string`, [Encoding Object](#encodingObject)] | A map between a property name and information providing more control over the serialization of the value. The key, being the property name, MUST exist in the schema as a property. The encoding attribute SHALL only apply to [Request Body Objects](#requestBodyObject), and only when the media type is `multipart` or `application/x-www-form-urlencoded`. If no Encoding Object is provided for a property, the behavior is determined by the default values documented for the Encoding Object. This object MAY be extended with [Specification Extensions](#specificationExtensions). -An `encoding` attribute is introduced to give you control over the serialization of parts of `multipart` request bodies. This attribute is _only_ applicable to request bodies, and _only_ for `multipart` and `application/x-www-form-urlencoded` media types. - ##### Media Type Examples ```json @@ -1578,12 +1576,16 @@ requestBody: format: binary ``` -To upload multiple files, a `multipart` media type MUST be used: +To upload multiple files, a `multipart` media type MUST be used as shown under [Example: Multipart Form with Multiple Files](#example-multipart-form-with-multiple-files). ##### Support for x-www-form-urlencoded Request Bodies +See [Encoding the `x-www-form-urlencoded` Media Type](#encoding-the-x-www-form-urlencoded-media-type) for guidance and examples, both with and without the `encoding` attribute. + ##### Special Considerations for `multipart` Content +See [Encoding `multipart` Media Types](#encoding-multipart-media-types) for further guidance and examples, both with and without the `encoding` attribute. + #### Encoding Object A single encoding definition applied to a single schema property. From 8cdbf839147df3d0a6ba693727b85fb50692ca2d Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Wed, 19 Jun 2024 17:24:52 -0700 Subject: [PATCH 141/251] Re-organize form-urlencoded guidance This re-organizes and streamlines the form-urlencoded guidance that was consolidated from the Media Type Object. It also adds an example of a base64-encoded URL query parameter. --- versions/3.0.4.md | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index af10819578..48c0545e85 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1648,13 +1648,15 @@ This makes the presence of at least one of `style`, `explode`, or `allowReserved ##### Encoding the `x-www-form-urlencoded` Media Type -See [Appendix E](#percentEncodingAndFormMediaTypes) for a detailed examination of percent-encoding concerns for form media types. +To submit content using form url encoding via [RFC1866](https://tools.ietf.org/html/rfc1866), use the `application/x-www-form-urlencoded` media type in the [Media Type Object](#mediaTypeObject) under the [Request Body Object](#requestBodyObject). +This configuration means that the request body MUST be encoded per [RFC1866](https://tools.ietf.org/html/rfc1866) when passed to the server, after any complex objects have been serialized to a string representation. -To submit content using form url encoding via [RFC1866](https://tools.ietf.org/html/rfc1866), the following -definition may be used: +See [Appendix E](#percentEncodingAndFormMediaTypes) for a detailed examination of percent-encoding concerns for form media types. ###### Example: URL Encoded Form with JSON Values +When there is no [`encoding` field](#mediaTypeEncoding), the serialization strategy is based on the Encoding Object's default values: + ```yaml requestBody: content: @@ -1671,11 +1673,7 @@ requestBody: properties: {} ``` -In this example, the contents in the `requestBody` MUST be encoded per [RFC1866](https://tools.ietf.org/html/rfc1866) when passed to the server. In addition, the `address` field complex object will be serialized to a string representation prior to encoding. - -When passing complex objects in the `application/x-www-form-urlencoded` content type, the default serialization strategy of such properties is described in the [Encoding Object](#encodingObject)'s [`style`](#encodingStyle) property as `form`. - -With this example, given an `id` of `f81d4fae-7dec-11d0-a765-00a0c91e6bf6` and a US-style address (with ZIP+4) as follows: +With this example, consider an `id` of `f81d4fae-7dec-11d0-a765-00a0c91e6bf6` and a US-style address (with ZIP+4) as follows: ```json { @@ -1703,7 +1701,7 @@ id=%22f81d4fae-7dec-11d0-a765-00a0c91e6bf6%22 ###### Example: URL Encoded Form with Binary Values -`application/x-www-form-urlencoded` is a text format, which requires base64-encoding any binary data: +Note that `application/x-www-form-urlencoded` is a text format, which requires base64-encoding any binary data: ```YAML requestBody: @@ -1715,7 +1713,8 @@ requestBody: name: type: string icon: - # default is text/plain, need to declare an image type only! + # The default with "format: byte" is application/octet-stream, + # so we need to set image media type(s) in the Encoding Object. type: string format: byte encoding: @@ -1723,6 +1722,13 @@ requestBody: contentType: image/png, image/jpeg ``` +Given a name of `example` and a solid red 2x2-pixel PNG for `icon`, this +would produce a request body of: + +```urlencoded +name=example&icon=iVBORw0KGgoAAAANSUhEUgAAAAIAAAACCAYAAABytg0kAAAAEklEQVQIW2P8z8AARAwMjDAGACwBA/+8RVWvAAAAAElFTk +``` + ##### Encoding `multipart` Media Types It is common to use `multipart/form-data` as a `Content-Type` when transferring request bodies to operations. In contrast to 2.0, a `schema` is REQUIRED to define the input parameters to the operation when using `multipart` content. This supports complex structures as well as supporting mechanisms for multiple file uploads. From 1a405a7fa03f5dec466c44420b2c20c696762f3e Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Thu, 20 Jun 2024 14:52:07 +0200 Subject: [PATCH 142/251] typo: paramter --- versions/3.0.4.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 84caa2f243..4adfa88210 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1697,7 +1697,7 @@ An `encoding` attribute is introduced to give you control over the serialization A single encoding definition applied to a single schema property. See [Appendix B](#dataTypeConversion) for a discussion of converting values of various types to string representations. -Properties are correlated with `multipart` parts using the `name` parameter to `Content-Disposition: form-data`, and with `application/x-www-form-urlencoded` using the query string paramter names. +Properties are correlated with `multipart` parts using the `name` parameter to `Content-Disposition: form-data`, and with `application/x-www-form-urlencoded` using the query string parameter names. In both cases, their order is implementation-defined. See [Appendix E](#percentEncodingAndFormMediaTypes) for a detailed examination of percent-encoding concerns for form media types. @@ -2326,7 +2326,7 @@ Because of the potential for name clashes, the `operationRef` syntax is preferre for multi-document OpenAPI descriptions. Note that it is not possible to provide a constant value to `parameters` that matches the syntax of a runtime expression. -It is possible to have ambiguous parameter names, e.g. `name: id, in: path` and `name: path.id, in: query`; this is NOT RECOMMENDED and the behavior is implementation-defined, however implementations SHOULD prefer the qualified interpretation (`path.id` as a path parameter), as the names can always be qualified to disambiguate them (e.g. using `query.path.id` for the query paramter). +It is possible to have ambiguous parameter names, e.g. `name: id, in: path` and `name: path.id, in: query`; this is NOT RECOMMENDED and the behavior is implementation-defined, however implementations SHOULD prefer the qualified interpretation (`path.id` as a path parameter), as the names can always be qualified to disambiguate them (e.g. using `query.path.id` for the query parameter). ##### Examples From 85fb8936608d48b264e40ca2b73c2b23f0e912e2 Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Thu, 20 Jun 2024 16:41:26 +0200 Subject: [PATCH 143/251] Another typo --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 4adfa88210..2ebe9f02d3 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -309,7 +309,7 @@ Field Name | Type | Description termsOfService | `string` | A URL to the Terms of Service for the API. MUST be in the format of a URL. contact | [Contact Object](#contactObject) | The contact information for the exposed API. license | [License Object](#licenseObject) | The license information for the exposed API. -version | `string` | **REQUIRED**. The version of the OpenAPI document (which is distinct from the [OpenAPI Specification version](#oasVersion) or the version of API being described). +version | `string` | **REQUIRED**. The version of the OpenAPI document (which is distinct from the [OpenAPI Specification version](#oasVersion) or the version of the API being described). This object MAY be extended with [Specification Extensions](#specificationExtensions). From d5da50e8f04e55d6fd484557dafd6d75b7a935bc Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Thu, 20 Jun 2024 16:43:04 +0200 Subject: [PATCH 144/251] Two more typos --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 2ebe9f02d3..23b8a4b980 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1731,7 +1731,7 @@ See [Appendix B](#dataTypeConversion) for a discussion of data type conversion o Field Name | Type | Description ---|:---:|--- -style | `string` | Describes how a specific property value will be serialized depending on its type. See [Parameter Object](#parameterObject) for details on the [`style`](#parameterStyle) property. The behavior follows the same values as `query` parameters, including default values. Note that the initial `?` using in query strings is not used in `applcation/x-www-form-urlencoded` message bodies, and MUST be removed (if using an RFC6570 implementation) or simply not added (if constructing the string manually). This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. +style | `string` | Describes how a specific property value will be serialized depending on its type. See [Parameter Object](#parameterObject) for details on the [`style`](#parameterStyle) property. The behavior follows the same values as `query` parameters, including default values. Note that the initial `?` used in query strings is not used in `application/x-www-form-urlencoded` message bodies, and MUST be removed (if using an RFC6570 implementation) or simply not added (if constructing the string manually). This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. explode | `boolean` | When this is true, property values of type `array` or `object` generate separate parameters for each value of the array, or key-value-pair of the map. For other types of properties this property has no effect. When [`style`](#encodingStyle) is `form`, the default value is `true`. For all other styles, the default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#autoid-20), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#autoid-13), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#autoid-24) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#usingRFC6570Implementations) and [E](#percentEncodingAndFormMediaTypes) for details. The default value is `false`. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. From d8f014031b9c486dab96247b3536c186e3012a75 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Wed, 19 Jun 2024 17:25:44 -0700 Subject: [PATCH 145/251] Reorganize multipart/form-data guidance This organizes and streamlines the guidance on multipart that was incorporated from the Media Type Object. Lots of duplication has been removed, and the examples reworked to show distinct use cases. --- versions/3.0.4.md | 60 +++++++++++++++++++---------------------------- 1 file changed, 24 insertions(+), 36 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 48c0545e85..e88cd01fea 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1731,15 +1731,7 @@ name=example&icon=iVBORw0KGgoAAAANSUhEUgAAAAIAAAACCAYAAABytg0kAAAAEklEQVQIW2P8z8 ##### Encoding `multipart` Media Types -It is common to use `multipart/form-data` as a `Content-Type` when transferring request bodies to operations. In contrast to 2.0, a `schema` is REQUIRED to define the input parameters to the operation when using `multipart` content. This supports complex structures as well as supporting mechanisms for multiple file uploads. - -When passing in `multipart` types, boundaries MAY be used to separate sections of the content being transferred — thus, the following default `Content-Type`s are defined for `multipart`: - -* If the property is a primitive, or an array of primitive values, the default Content-Type is `text/plain` -* If the property is complex, or an array of complex values, the default Content-Type is `application/json` -* If the property is a `type: string` with `format: binary` or `format: byte` (aka a file object), the default Content-Type is `application/octet-stream` - -Note that only `multipart/*` media types with named parts can be described as shown here. Note also that while `multipart/form-data` originally defined a per-part `Content-Transfer-Encoding` header that could indicate base64 encoding (`format: byte`), it has been deprecated for use with HTTP as of [RFC7578](https://www.rfc-editor.org/rfc/rfc7578#section-4.7). +It is common to use `multipart/form-data` as a `Content-Type` when transferring forms as request bodies. In contrast to 2.0, a `schema` is REQUIRED to define the input parameters to the operation when using `multipart` content. This supports complex structures as well as supporting mechanisms for multiple file uploads. The `form-data` disposition and its `name` parameter are mandatory for `multipart/form-data` ([RFC7578 §4.2](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.2)). Array properties are handled by applying the same `name` to multiple parts, as is recommended by [RFC7578 §4.3](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.3) for supplying multiple values per form field. @@ -1758,7 +1750,7 @@ See [Appendix E](#percentEncodingAndFormMediaTypes) for a detailed examination o ###### Example: Basic Multipart Form -Examples: +When the `encoding` attribute is _not_ used, the encoding is determined by the Encoding Object's defaults: ```yaml requestBody: @@ -1768,23 +1760,16 @@ requestBody: type: object properties: id: + # default for primitives without a special format is text/plain type: string format: uuid - address: - # default Content-Type for objects is `application/json` - type: object - properties: {} profileImage: - # default Content-Type for string/binary is `application/octet-stream` + # default for string with binary format is `application/octet-stream` type: string format: binary - children: - # default Content-Type for arrays is based on the `inner` type (text/plain here) - type: array - items: - type: string addresses: - # default Content-Type for arrays is based on the `inner` type (object shown, so `application/json` in this example) + # default for arrays is based on the type in the `items` + # subschema, which is an object, so `application/json` type: array items: $ref: '#/components/schemas/Address' @@ -1792,7 +1777,8 @@ requestBody: ###### Example: Multipart Form with Encoding Objects -`multipart/form-data` allows for binary parts: +Using `encoding`, we can set more specific types for binary data, or non-JSON formats for complex values. +We can also describe headers for each part: ```yaml requestBody: @@ -1802,28 +1788,30 @@ requestBody: type: object properties: id: - # default is text/plain + # default is `text/plain` type: string format: uuid - address: - # default is application/json - type: object - properties: {} - historyMetadata: - # need to declare XML format! - description: metadata in XML format - type: object - properties: {} + addresses: + # default based on the `items` subschema would be + # `application/json`, but we want these address objects + # serialized as `application/xml` instead + description: addresses in XML format + type: array + items: + $ref: '#/components/schemas/Address' profileImage: - # default is application/octet-stream, need to declare an image type only! + # default is application/octet-stream, but we can declare + # a more specific image type or types type: string format: binary encoding: - historyMetadata: + addresses: # require XML Content-Type in utf-8 encoding + # This is applied to each address part corresponding + # to each address in he array contentType: application/xml; charset=utf-8 profileImage: - # only accept png/jpeg + # only accept png or jpeg contentType: image/png, image/jpeg headers: X-Rate-Limit-Limit: @@ -1834,7 +1822,7 @@ requestBody: ###### Example: Multipart Form with Multiple Files -To upload multiple files, a `multipart` media type MUST be used: +In accordance with [RFC7578 §4.3](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.3), multiple files for a single form field are uploaded using the same name (`file` in this example) for each file's part: ```yaml requestBody: From e8cc358bfe8b02a47f56572ac65c012b3616f9c5 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Thu, 20 Jun 2024 12:31:07 -0700 Subject: [PATCH 146/251] Fix base64 encoding example for URL quoting I forgot to run the example through URL quoting, which is necessary. --- versions/3.0.4.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index e88cd01fea..d2442e4ea9 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1726,9 +1726,13 @@ Given a name of `example` and a solid red 2x2-pixel PNG for `icon`, this would produce a request body of: ```urlencoded -name=example&icon=iVBORw0KGgoAAAANSUhEUgAAAAIAAAACCAYAAABytg0kAAAAEklEQVQIW2P8z8AARAwMjDAGACwBA/+8RVWvAAAAAElFTk +name=example&icon=iVBORw0KGgoAAAANSUhEUgAAAAIAAAACCAIAAAD91JpzAAAABGdBTUEAALGPC%2FxhBQAAADhlWElmTU0AKgAAAAgAAYdpAAQAAAABAAAAGgAAAAAAAqACAAQAAAABAAAAAqADAAQAAAABAAAAAgAAAADO0J6QAAAAEElEQVQIHWP8zwACTGCSAQANHQEDqtPptQAAAABJRU5ErkJggg%3D%3D ``` +Note that this base64-encoded value had to be futher percent-encoded, replacing `/` with `%2F` and each of two final `=` padding characters with `%3D`. +Some base64-decoding implementations may be able to use the string without the padding per [RFC4648 §3.2](https://datatracker.ietf.org/doc/html/rfc4648#section-3.2). +However, this is not guaranteed and the value would still need to be percent-decoded due to the `%2F`. + ##### Encoding `multipart` Media Types It is common to use `multipart/form-data` as a `Content-Type` when transferring forms as request bodies. In contrast to 2.0, a `schema` is REQUIRED to define the input parameters to the operation when using `multipart` content. This supports complex structures as well as supporting mechanisms for multiple file uploads. From cf3e5f3d90d47c8425107a56f172643e03ed2540 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Thu, 20 Jun 2024 13:47:05 -0700 Subject: [PATCH 147/251] Restore note about contentMediaType I did not mean to remove this. --- versions/3.0.4.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index d2442e4ea9..1f025cd897 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1750,6 +1750,8 @@ Note also that `Content-Transfer-Encoding` is deprecated for `multipart/form-dat Using `format: byte` for a multipart field is equivalent to setting `Content-Transfer-Encoding: base64`. If `format: byte` is used along with setting a different `Content-Transfer-Encoding` value with the `headers` field, the result is undefined. +Per the JSON Schema specification, `contentMediaType` without `contentEncoding` present is treated as if `contentEncoding: identity` were present. While useful for embedding text documents such as `text/html` into JSON strings, it is not useful for a `multipart/form-data` part, as it just causes the document to be treated as `text/plain` instead of its actual media type. Use the Encoding Object without `contentMediaType` if no `contentEncoding` is required. + See [Appendix E](#percentEncodingAndFormMediaTypes) for a detailed examination of percent-encoding concerns for form media types. ###### Example: Basic Multipart Form From a4d3575da7744b6483449982a9b7d9f28f2a7480 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Fri, 21 Jun 2024 08:36:42 -0700 Subject: [PATCH 148/251] Authoritative rendering; "schema" usage (3.0.4) This adds a note about the authoritative HTML rendering and adds a definition for "Schema" to explain the three ways the term is used in or with the specification. --- versions/3.0.4.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 23b8a4b980..bbabf9478f 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -14,7 +14,7 @@ An OpenAPI description can then be used by documentation generation tools to dis For examples of OpenAPI usage and additional documentation, please visit [learn.openapis.org](https://learn.openapis.org/). -For extension registries and other specifications published by the OpenAPI Initiative, please visit [spec.openapis.org](https://spec.openapis.org/) +For extension registries and other specifications published by the OpenAPI Initiative, as well as the authoritative rendering of this specification, please visit [spec.openapis.org](https://spec.openapis.org/). ## Table of Contents @@ -74,6 +74,12 @@ For extension registries and other specifications published by the OpenAPI Initi ##### OpenAPI Description An OpenAPI Description (OAD) formally describes the surface of an API and its semantics. It is composed of an [entry document](#documentStructure) and any/all of its referenced documents. An OAD uses and conforms to the OpenAPI Specification. +##### Schema + +A "schema" is a formal description of syntax and structure. +This document serves as the [schema](#schema) for the OpenAPI Specification format; a non-authoritative JSON Schema based on this document is also provided on [spec.openapis.org](https://spec.openapis.org) for informational purposes. +This specification also _uses_ schemas in the form of the [Schema Object](#schemaObject). + ##### Path Templating Path templating refers to the usage of template expressions, delimited by curly braces ({}), to mark a section of a URL path as replaceable using path parameters. @@ -142,7 +148,7 @@ For example, if a field has an array value, the JSON array representation will b All field names in the specification are **case sensitive**. This includes all fields that are used as keys in a map, except where explicitly noted that keys are **case insensitive**. -The schema exposes two types of fields: Fixed fields, which have a declared name, and Patterned fields, which declare a regex pattern for the field name. +The [schema](#schema) exposes two types of fields: Fixed fields, which have a declared name, and Patterned fields, which declare a regex pattern for the field name. Patterned fields MUST have unique names within the containing object. From 60f164d90f9d212fadd326f323dfac06acd99386 Mon Sep 17 00:00:00 2001 From: Mike Kistler Date: Mon, 24 Jun 2024 14:59:22 -0700 Subject: [PATCH 149/251] Clarify interaction of format: byte and Content-Transfer-Encoding header definition --- versions/3.0.4.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 03da3f7ddc..2de195d9bd 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1753,8 +1753,9 @@ It is not currently possible to correlate schema properties with unnamed, ordere Note that there are significant restrictions on what headers can be used with `multipart` media types in general ([RFC2046 §5.1](https://www.rfc-editor.org/rfc/rfc2046.html#section-5.1)) and `multi-part/form-data` in particular ([RFC7578 §4.8](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.8)). Note also that `Content-Transfer-Encoding` is deprecated for `multipart/form-data` ([RFC7578 §4.7](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.7)) where binary data is supported, as it is in HTTP. -Using `format: byte` for a multipart field is equivalent to setting `Content-Transfer-Encoding: base64`. -If `format: byte` is used along with setting a different `Content-Transfer-Encoding` value with the `headers` field, the result is undefined. + +Using `format: byte` for a multipart field is equivalent to specifying an `encoding` object with a `headers` field containing `Content-Transfer-Encoding: enum: ["base64"]`. +If `format: byte` is used for a multipart field that has an encoding object with a `headers` field containing `Content-Transfer-Encoding` with a schema that permits values other than "base64", the result is undefined. Per the JSON Schema specification, `contentMediaType` without `contentEncoding` present is treated as if `contentEncoding: identity` were present. While useful for embedding text documents such as `text/html` into JSON strings, it is not useful for a `multipart/form-data` part, as it just causes the document to be treated as `text/plain` instead of its actual media type. Use the Encoding Object without `contentMediaType` if no `contentEncoding` is required. From 7bb584fb699d7ca69eae1199ed09e7e33ab4a06e Mon Sep 17 00:00:00 2001 From: Mike Kistler Date: Mon, 24 Jun 2024 15:53:49 -0700 Subject: [PATCH 150/251] Address PR review commments --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 2de195d9bd..890af64b7d 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1754,7 +1754,7 @@ Note that there are significant restrictions on what headers can be used with `m Note also that `Content-Transfer-Encoding` is deprecated for `multipart/form-data` ([RFC7578 §4.7](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.7)) where binary data is supported, as it is in HTTP. -Using `format: byte` for a multipart field is equivalent to specifying an `encoding` object with a `headers` field containing `Content-Transfer-Encoding: enum: ["base64"]`. +Using `format: byte` for a multipart field is equivalent to specifying an `encoding` object with a `headers` field containing `Content-Transfer-Encoding: { schema: { enum: [base64] } }`. If `format: byte` is used for a multipart field that has an encoding object with a `headers` field containing `Content-Transfer-Encoding` with a schema that permits values other than "base64", the result is undefined. Per the JSON Schema specification, `contentMediaType` without `contentEncoding` present is treated as if `contentEncoding: identity` were present. While useful for embedding text documents such as `text/html` into JSON strings, it is not useful for a `multipart/form-data` part, as it just causes the document to be treated as `text/plain` instead of its actual media type. Use the Encoding Object without `contentMediaType` if no `contentEncoding` is required. From 48eff630a92cd592f43542db4726632ace104d72 Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Wed, 26 Jun 2024 16:41:13 +0200 Subject: [PATCH 151/251] Align with 3.1.1 - up to line 2508 --- versions/3.0.4.md | 129 +++++++++++++++++++++++----------------------- 1 file changed, 64 insertions(+), 65 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 03da3f7ddc..6326296487 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -8,7 +8,7 @@ This document is licensed under [The Apache License, Version 2.0](https://www.ap ## Introduction -The OpenAPI Specification (OAS) defines a standard, language-agnostic interface to RESTful APIs which allows both humans and computers to discover and understand the capabilities of the service without access to source code, documentation, or through network traffic inspection. When properly defined, a consumer can understand and interact with the remote service with a minimal amount of implementation logic. +The OpenAPI Specification (OAS) defines a standard, language-agnostic interface to HTTP APIs which allows both humans and computers to discover and understand the capabilities of the service without access to source code, documentation, or through network traffic inspection. When properly defined, a consumer can understand and interact with the remote service with a minimal amount of implementation logic. An OpenAPI description can then be used by documentation generation tools to display the API, code generation tools to generate servers and clients in various programming languages, testing tools, and many other use cases. @@ -81,7 +81,7 @@ This document serves as the [schema](#schema) for the OpenAPI Specification form This specification also _uses_ schemas in the form of the [Schema Object](#schemaObject). ##### Path Templating -Path templating refers to the usage of template expressions, delimited by curly braces ({}), to mark a section of a URL path as replaceable using path parameters. +Path templating refers to the usage of template expressions, delimited by curly braces (`{}`), to mark a section of a URL path as replaceable using path parameters. Each template expression in the path MUST correspond to a path parameter that is included in the [Path Item](#path-item-object) itself and/or in each of the Path Item's [Operations](#operation-object). @@ -142,7 +142,7 @@ For example, if a field has an array value, the JSON array representation will b ```json { - "field": [ 1, 2, 3 ] + "field": [1, 2, 3] } ``` All field names in the specification are **case sensitive**. @@ -218,12 +218,12 @@ Note that no aspect of implicit connection resolution changes how [URLs are reso ### Data Types -Primitive data types in the OAS are based on the types supported by the [JSON Schema Specification Wright Draft 00](https://tools.ietf.org/html/draft-wright-json-schema-00#section-4.2). +Data types in the OAS are based on the types supported by the [JSON Schema Specification Wright Draft 00](https://tools.ietf.org/html/draft-wright-json-schema-00#section-4.2). Note that `integer` as a type is also supported and is defined as a JSON number without a fraction or exponent part. `null` is not supported as a type (see [`nullable`](#schemaNullable) for an alternative solution). Models are defined using the [Schema Object](#schemaObject), which is an extended subset of JSON Schema Specification Wright Draft 00. -Primitives have an optional modifier property: `format`. +Data types can have an optional modifier property: `format`. OAS uses several known formats to define in fine detail the data type being used. However, to support documentation needs, the `format` property is an open `string`-valued property, and can have any value. Formats such as `"email"`, `"uuid"`, and so on, MAY be used even though they are not defined by this specification. @@ -284,19 +284,19 @@ In the following description, if a field is not explicitly **REQUIRED** or descr #### OpenAPI Object -This is the root document object of the [OpenAPI document](#oasDocument). +This is the root object of the [OpenAPI document](#oasDocument). ##### Fixed Fields Field Name | Type | Description ---|:---:|--- -openapi | `string` | **REQUIRED**. This string MUST be the [semantic version number](https://semver.org/spec/v2.0.0.html) of the [OpenAPI Specification version](#versions) that the OpenAPI document uses. The `openapi` field SHOULD be used by tooling specifications and clients to interpret the OpenAPI document. This is *not* related to the API [`info.version`](#infoVersion) string. +openapi | `string` | **REQUIRED**. This string MUST be the [version number](#versions) of the OpenAPI Specification that the OpenAPI document uses. The `openapi` field SHOULD be used by tooling to interpret the OpenAPI document. This is *not* related to the API [`info.version`](#infoVersion) string. info | [Info Object](#infoObject) | **REQUIRED**. Provides metadata about the API. The metadata MAY be used by tooling as required. servers | [[Server Object](#serverObject)] | An array of Server Objects, which provide connectivity information to a target server. If the `servers` property is not provided, or is an empty array, the default value would be a [Server Object](#serverObject) with a [url](#serverUrl) value of `/`. paths | [Paths Object](#pathsObject) | **REQUIRED**. The available paths and operations for the API. -components | [Components Object](#componentsObject) | An element to hold various schemas for the specification. +components | [Components Object](#componentsObject) | An element to hold various schemas for the document. security | [[Security Requirement Object](#securityRequirementObject)] | A declaration of which security mechanisms can be used across the API. The list of values includes alternative security requirement objects that can be used. Only one of the security requirement objects need to be satisfied to authorize a request. Individual operations can override this definition. To make security optional, an empty security requirement (`{}`) can be included in the array. -tags | [[Tag Object](#tagObject)] | A list of tags used by the specification with additional metadata. The order of the tags can be used to reflect on their order by the parsing tools. Not all tags that are used by the [Operation Object](#operationObject) must be declared. The tags that are not declared MAY be organized randomly or based on the tools' logic. Each tag name in the list MUST be unique. +tags | [[Tag Object](#tagObject)] | A list of tags used by the document with additional metadata. The order of the tags can be used to reflect on their order by the parsing tools. Not all tags that are used by the [Operation Object](#operationObject) must be declared. The tags that are not declared MAY be organized randomly or based on the tools' logic. Each tag name in the list MUST be unique. externalDocs | [External Documentation Object](#externalDocumentationObject) | Additional external documentation. This object MAY be extended with [Specification Extensions](#specificationExtensions). @@ -311,8 +311,8 @@ The metadata MAY be used by the clients if needed, and MAY be presented in editi Field Name | Type | Description ---|:---:|--- title | `string` | **REQUIRED**. The title of the API. -description | `string` | A short description of the API. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. -termsOfService | `string` | A URL to the Terms of Service for the API. MUST be in the format of a URL. +description | `string` | A description of the API. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. +termsOfService | `string` | A URL for the Terms of Service for the API. This MUST be in the form of a URL. contact | [Contact Object](#contactObject) | The contact information for the exposed API. license | [License Object](#licenseObject) | The license information for the exposed API. version | `string` | **REQUIRED**. The version of the OpenAPI document (which is distinct from the [OpenAPI Specification version](#oasVersion) or the version of the API being described). @@ -326,10 +326,10 @@ This object MAY be extended with [Specification Extensions](#specificationExtens { "title": "Sample Pet Store App", "description": "This is a sample server for a pet store.", - "termsOfService": "http://example.com/terms/", + "termsOfService": "https://example.com/terms/", "contact": { "name": "API Support", - "url": "http://www.example.com/support", + "url": "https://www.example.com/support", "email": "support@example.com" }, "license": { @@ -343,10 +343,10 @@ This object MAY be extended with [Specification Extensions](#specificationExtens ```yaml title: Sample Pet Store App description: This is a sample server for a pet store. -termsOfService: http://example.com/terms/ +termsOfService: https://example.com/terms/ contact: name: API Support - url: http://www.example.com/support + url: https://www.example.com/support email: support@example.com license: name: Apache 2.0 @@ -363,8 +363,8 @@ Contact information for the exposed API. Field Name | Type | Description ---|:---:|--- name | `string` | The identifying name of the contact person/organization. -url | `string` | The URL pointing to the contact information. MUST be in the format of a URL. -email | `string` | The email address of the contact person/organization. MUST be in the format of an email address. +url | `string` | The URL for the contact information. This MUST be in the form of a URL. +email | `string` | The email address of the contact person/organization. This MUST be in the form of an email address. This object MAY be extended with [Specification Extensions](#specificationExtensions). @@ -373,14 +373,14 @@ This object MAY be extended with [Specification Extensions](#specificationExtens ```json { "name": "API Support", - "url": "http://www.example.com/support", + "url": "https://www.example.com/support", "email": "support@example.com" } ``` ```yaml name: API Support -url: http://www.example.com/support +url: https://www.example.com/support email: support@example.com ``` @@ -393,7 +393,7 @@ License information for the exposed API. Field Name | Type | Description ---|:---:|--- name | `string` | **REQUIRED**. The license name used for the API. -url | `string` | A URL to the license used for the API. MUST be in the format of a URL. +url | `string` | A URL for the license used for the API. This MUST be in the form of a URL. This object MAY be extended with [Specification Extensions](#specificationExtensions). @@ -654,14 +654,14 @@ my.org.User "securitySchemes": { "api_key": { "type": "apiKey", - "name": "api_key", + "name": "api-key", "in": "header" }, "petstore_auth": { "type": "oauth2", "flows": { "implicit": { - "authorizationUrl": "http://example.org/api/oauth/dialog", + "authorizationUrl": "https://example.org/api/oauth/dialog", "scopes": { "write:pets": "modify pets in your account", "read:pets": "read your pets" @@ -731,23 +731,22 @@ components: securitySchemes: api_key: type: apiKey - name: api_key + name: api-key in: header petstore_auth: type: oauth2 flows: implicit: - authorizationUrl: http://example.org/api/oauth/dialog + authorizationUrl: https://example.org/api/oauth/dialog scopes: write:pets: modify pets in your account read:pets: read your pets ``` - #### Paths Object Holds the relative paths to the individual endpoints and their operations. -The path is appended to the URL from the [`Server Object`](#serverObject) in order to construct the full URL. The Paths MAY be empty, due to [ACL constraints](#securityFiltering). +The path is appended to the URL from the [`Server Object`](#serverObject) in order to construct the full URL. The Paths Object MAY be empty, due to [Access Control List (ACL) constraints](#securityFiltering). ##### Patterned Fields @@ -832,7 +831,7 @@ The path itself is still exposed to the documentation viewer but they will not k Field Name | Type | Description ---|:---:|--- -$ref | `string` | Allows for an external definition of this path item. The referenced structure MUST be in the format of a [Path Item Object](#pathItemObject). In case a Path Item Object field appears both in the defined object and the referenced object, the behavior is undefined. +$ref | `string` | Allows for a referenced definition of this path item. The value MUST be in the form of a URL, and the referenced structure MUST be in the form of a [Path Item Object](#pathItemObject). In case a Path Item Object field appears both in the defined object and the referenced object, the behavior is undefined. See the rules for resolving [Relative References](#relativeReferences). summary| `string` | An optional string summary, intended to apply to all operations in this path. description | `string` | An optional string description, intended to apply to all operations in this path. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. get | [Operation Object](#operationObject) | A definition of a GET operation on this path. @@ -947,7 +946,7 @@ Field Name | Type | Description externalDocs | [External Documentation Object](#externalDocumentationObject) | Additional external documentation for this operation. operationId | `string` | Unique string used to identify the operation. The id MUST be unique among all operations described in the API. The operationId value is **case-sensitive**. Tools and libraries MAY use the operationId to uniquely identify an operation, therefore, it is RECOMMENDED to follow common programming naming conventions. parameters | [[Parameter Object](#parameterObject) \| [Reference Object](#referenceObject)] | A list of parameters that are applicable for this operation. If a parameter is already defined at the [Path Item](#pathItemParameters), the new definition will override it but can never remove it. The list MUST NOT include duplicated parameters. A unique parameter is defined by a combination of a [name](#parameterName) and [location](#parameterIn). The list can use the [Reference Object](#referenceObject) to link to parameters that are defined at the [OpenAPI Object's components/parameters](#componentsParameters). -requestBody | [Request Body Object](#requestBodyObject) \| [Reference Object](#referenceObject) | The request body applicable for this operation. The `requestBody` is only supported in HTTP methods where the HTTP 1.1 specification [RFC7231](https://tools.ietf.org/html/rfc7231#section-4.3.1) has explicitly defined semantics for request bodies. In other cases where the HTTP spec is vague, `requestBody` SHALL be ignored by consumers. +requestBody | [Request Body Object](#requestBodyObject) \| [Reference Object](#referenceObject) | The request body applicable for this operation. The `requestBody` is only supported in HTTP methods where the HTTP 1.1 specification [RFC7231](https://tools.ietf.org/html/rfc7231#section-4.3.1) has explicitly defined semantics for request bodies. In other cases where the HTTP spec is vague (such as [GET](https://tools.ietf.org/html/rfc7231#section-4.3.1), [HEAD](https://tools.ietf.org/html/rfc7231#section-4.3.2) and [DELETE](https://tools.ietf.org/html/rfc7231#section-4.3.5)), `requestBody` SHALL be ignored by consumers. responses | [Responses Object](#responsesObject) | **REQUIRED**. The list of possible responses as they are returned from executing this operation. callbacks | Map[`string`, [Callback Object](#callbackObject) \| [Reference Object](#referenceObject)] | A map of possible out-of band callbacks related to the parent operation. The key is a unique identifier for the Callback Object. Each value in the map is a [Callback Object](#callbackObject) that describes a request that may be initiated by the API provider and the expected responses. deprecated | `boolean` | Declares this operation to be deprecated. Consumers SHOULD refrain from usage of the declared operation. Default value is `false`. @@ -1039,6 +1038,7 @@ requestBody: content: application/x-www-form-urlencoded: schema: + type: object properties: name: description: Updated name of the pet @@ -1074,8 +1074,8 @@ Allows referencing an external resource for extended documentation. Field Name | Type | Description ---|:---:|--- -description | `string` | A short description of the target documentation. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. -url | `string` | **REQUIRED**. The URL for the target documentation. Value MUST be in the format of a URL. +description | `string` | A description of the target documentation. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. +url | `string` | **REQUIRED**. The URL for the target documentation. This MUST be in the form of a URL. This object MAY be extended with [Specification Extensions](#specificationExtensions). @@ -1159,8 +1159,7 @@ Field Name | Type | Description ---|:---:|--- content | Map[`string`, [Media Type Object](#mediaTypeObject)] | A map containing the representations for the parameter. The key is the media type and the value describes it. The map MUST only contain one entry. - -##### Style Values +##### Style Values In order to support common ways of serializing simple parameters, a set of `style` values are defined. @@ -1195,7 +1194,7 @@ The following table shows examples, as would be shown with the `example` or `exa * Note that the `?` prefix is not appropriate for serializing `application/x-www-form-urlencoded` HTTP message bodies, and MUST be stripped or (if constructing the string manually) not added when used in that context; see the [Encoding Object](#encodingObject) for more information * The examples are percent-encoded as required by RFC6570 and RFC3986; see [Appendix E](#percentEncodingAndFormMediaTypes) for a thorough discussion of percent-encoding concerns, including why unencoded `|` (`%7C`), `[` (`%5B`), and `]` (`%5D`) seem to work in some environments despite not being compliant. -[`style`](#dataTypeFormat) | `explode` | `empty` | `string` | `array` | `object` +[`style`](#styleValues) | `explode` | `empty` | `string` | `array` | `object` ----------- | ------ | -------- | -------- | -------- | ------- matrix | false | ;color | ;color=blue | ;color=blue,black,brown | ;color=R,100,G,200,B,150 matrix | true | ;color | ;color=blue | ;color=blue;color=black;color=brown | ;R=100;G=200;B=150 @@ -1397,7 +1396,7 @@ A request body with a referenced schema definition. "examples": { "user" : { "summary": "User Example", - "externalValue": "http://foo.bar/examples/user-example.json" + "externalValue": "https://foo.bar/examples/user-example.json" } } }, @@ -1408,7 +1407,7 @@ A request body with a referenced schema definition. "examples": { "user" : { "summary": "User example in XML", - "externalValue": "http://foo.bar/examples/user-example.xml" + "externalValue": "https://foo.bar/examples/user-example.xml" } } }, @@ -1416,7 +1415,7 @@ A request body with a referenced schema definition. "examples": { "user" : { "summary": "User example in Plain text", - "externalValue": "http://foo.bar/examples/user-example.txt" + "externalValue": "https://foo.bar/examples/user-example.txt" } } }, @@ -1424,7 +1423,7 @@ A request body with a referenced schema definition. "examples": { "user" : { "summary": "User example in other format", - "externalValue": "http://foo.bar/examples/user-example.whatever" + "externalValue": "https://foo.bar/examples/user-example.whatever" } } } @@ -1440,25 +1439,25 @@ content: $ref: '#/components/schemas/User' examples: user: - summary: User Example - externalValue: http://foo.bar/examples/user-example.json + summary: User example + externalValue: https://foo.bar/examples/user-example.json application/xml: schema: $ref: '#/components/schemas/User' examples: user: - summary: User Example in XML - externalValue: http://foo.bar/examples/user-example.xml + summary: User example in XML + externalValue: https://foo.bar/examples/user-example.xml text/plain: examples: user: - summary: User example in text plain format - externalValue: http://foo.bar/examples/user-example.txt + summary: User example in plain text + externalValue: https://foo.bar/examples/user-example.txt '*/*': examples: user: summary: User example in other format - externalValue: http://foo.bar/examples/user-example.whatever + externalValue: https://foo.bar/examples/user-example.whatever ``` #### Media Type Object @@ -1474,7 +1473,7 @@ Field Name | Type | Description schema | [Schema Object](#schemaObject) \| [Reference Object](#referenceObject) | The schema defining the content of the request, response, parameter, or header. example | Any | Example of the media type; see [Working With Examples](#working-with-examples). examples | Map[ `string`, [Example Object](#exampleObject) \| [Reference Object](#referenceObject)] | Examples of the media type; see [Working With Examples](#working-with-examples). -encoding | Map[`string`, [Encoding Object](#encodingObject)] | A map between a property name and information providing more control over the serialization of the value. The key, being the property name, MUST exist in the schema as a property. The encoding attribute SHALL only apply to [Request Body Objects](#requestBodyObject), and only when the media type is `multipart` or `application/x-www-form-urlencoded`. If no Encoding Object is provided for a property, the behavior is determined by the default values documented for the Encoding Object. +encoding | Map[`string`, [Encoding Object](#encodingObject)] | A map between a property name and its encoding information. The key, being the property name, MUST exist in the schema as a property. The encoding attribute SHALL only apply to [Request Body Objects](#requestBodyObject), and only when the media type is `multipart` or `application/x-www-form-urlencoded`. If no Encoding Object is provided for a property, the behavior is determined by the default values documented for the Encoding Object. This object MAY be extended with [Specification Extensions](#specificationExtensions). @@ -1860,10 +1859,11 @@ The documentation is not necessarily expected to cover all possible HTTP respons However, documentation is expected to cover a successful operation response and any known errors. The `default` MAY be used as a default response object for all HTTP codes -that are not covered individually by the specification. +that are not covered individually by the Responses Object. -The `Responses Object` MUST contain at least one response code, and it -SHOULD be the response for a successful operation call. +The `Responses Object` MUST contain at least one response code, and if only one +response code is provided it SHOULD be the response for a successful operation +call. ##### Fixed Fields Field Name | Type | Description @@ -1929,7 +1929,7 @@ Describes a single response from an API Operation, including design-time, static ##### Fixed Fields Field Name | Type | Description ---|:---:|--- -description | `string` | **REQUIRED**. A short description of the response. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. +description | `string` | **REQUIRED**. A description of the response. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. headers | Map[`string`, [Header Object](#headerObject) \| [Reference Object](#referenceObject)] | Maps a header name to its definition. [RFC7230](https://tools.ietf.org/html/rfc7230#page-22) states header names are case insensitive. If a response header is defined with the name `"Content-Type"`, it SHALL be ignored. content | Map[`string`, [Media Type Object](#mediaTypeObject)] | A map containing descriptions of potential response payloads. The key is a media type or [media type range](https://tools.ietf.org/html/rfc7231#appendix-D) and the value describes it. For responses that match multiple keys, only the most specific key is applicable. e.g. text/plain overrides text/* links | Map[`string`, [Link Object](#linkObject) \| [Reference Object](#referenceObject)] | A map of operations links that can be followed from the response. The key of the map is a short name for the link, following the naming constraints of the names for [Component Objects](#componentsObject). @@ -2082,36 +2082,36 @@ This includes accessing any part of a body that a JSON Pointer [RFC6901](https:/ For example, given the following HTTP request: ```http -POST /subscribe/myevent?queryUrl=http://clientdomain.com/stillrunning HTTP/1.1 +POST /subscribe/myevent?queryUrl=https://clientdomain.com/stillrunning HTTP/1.1 Host: example.org Content-Type: application/json Content-Length: 187 { - "failedUrl" : "http://clientdomain.com/failed", + "failedUrl" : "https://clientdomain.com/failed", "successUrls" : [ - "http://clientdomain.com/fast", - "http://clientdomain.com/medium", - "http://clientdomain.com/slow" + "https://clientdomain.com/fast", + "https://clientdomain.com/medium", + "https://clientdomain.com/slow" ] } 201 Created -Location: http://example.org/subscription/1 +Location: https://example.org/subscription/1 ``` The following examples show how the various expressions evaluate, assuming the callback operation has a path parameter named `eventType` and a query parameter named `queryUrl`. Expression | Value ---|:--- -$url | http://example.org/subscribe/myevent?queryUrl=http://clientdomain.com/stillrunning +$url | https://example.org/subscribe/myevent?queryUrl=https://clientdomain.com/stillrunning $method | POST $request.path.eventType | myevent -$request.query.queryUrl | http://clientdomain.com/stillrunning +$request.query.queryUrl | https://clientdomain.com/stillrunning $request.header.content-Type | application/json -$request.body#/failedUrl | http://clientdomain.com/failed -$request.body#/successUrls/1 | http://clientdomain.com/medium -$response.header.Location | http://example.org/subscription/1 +$request.body#/failedUrl | https://clientdomain.com/failed +$request.body#/successUrls/1 | https://clientdomain.com/medium +$response.header.Location | https://example.org/subscription/1 ##### Callback Object Examples @@ -2163,7 +2163,7 @@ Field Name | Type | Description summary | `string` | Short description for the example. description | `string` | Long description for the example. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. value | Any | Embedded literal example. The `value` field and `externalValue` field are mutually exclusive. To represent examples of media types that cannot naturally represented in JSON or YAML, use a string value to contain the example, escaping where necessary. -externalValue | `string` | A URL that points to the literal example. This provides the capability to reference examples that cannot easily be included in JSON or YAML documents. The `value` field and `externalValue` field are mutually exclusive. +externalValue | `string` | A URL that points to the literal example. This provides the capability to reference examples that cannot easily be included in JSON or YAML documents. The `value` field and `externalValue` field are mutually exclusive. See the rules for resolving [Relative References](#relativeReferences). This object MAY be extended with [Specification Extensions](#specificationExtensions). @@ -2215,7 +2215,7 @@ requestBody: examples: textExample: summary: This is a text example - externalValue: http://foo.bar/examples/address-example.txt + externalValue: https://foo.bar/examples/address-example.txt ``` In a parameter: @@ -2446,8 +2446,7 @@ links: ``` Note that in the use of `operationRef`, the _escaped forward-slash_ is necessary when -using JSON Pointers, and it is necessary to URL-encode `{` and `}` as `%7B` and `%7D`, respectively when -using JSON Pointers as URI fragments. +using JSON Pointer, and it is necessary to URL-encode `{` and `}` as `%7B` and `%7D`, respectively when using JSON Pointer as URI fragments. ##### Runtime Expressions @@ -2476,7 +2475,7 @@ The runtime expression is defined by the following [ABNF](https://tools.ietf.org "^" / "_" / "`" / "|" / "~" / DIGIT / ALPHA ``` -Here, `json-pointer` is taken from [RFC 6901](https://tools.ietf.org/html/rfc6901), `char` from [RFC 7159](https://tools.ietf.org/html/rfc7159#section-7) and `token` from [RFC 7230](https://tools.ietf.org/html/rfc7230#section-3.2.6). +Here, `json-pointer` is taken from [RFC6901](https://tools.ietf.org/html/rfc6901), `char` from [RFC7159](https://tools.ietf.org/html/rfc7159#section-7) and `token` from [RFC7230](https://tools.ietf.org/html/rfc7230#section-3.2.6). The `name` identifier is case-sensitive, whereas `token` is not. From 9312d0813bd59320fa30ac62ff2c69f7b591588d Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Wed, 26 Jun 2024 16:58:49 +0200 Subject: [PATCH 152/251] Remaining unnecessary differences --- versions/3.0.4.md | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 6326296487..e6003358a2 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -2604,7 +2604,7 @@ It is not mandatory to have a Tag Object per tag defined in the Operation Object Field Name | Type | Description ---|:---:|--- name | `string` | **REQUIRED**. The name of the tag. -description | `string` | A short description for the tag. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. +description | `string` | A description for the tag. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. externalDocs | [External Documentation Object](#externalDocumentationObject) | Additional external documentation for this tag. This object MAY be extended with [Specification Extensions](#specificationExtensions). @@ -2626,7 +2626,7 @@ description: Pets operations #### Reference Object -A simple object to allow referencing other components in the specification, internally and externally. +A simple object to allow referencing other components in the OpenAPI document, internally and externally. The Reference Object is defined by [JSON Reference](https://tools.ietf.org/html/draft-pbryan-zyp-json-ref-03) and follows the same structure, behavior and rules. @@ -3157,7 +3157,7 @@ The expectation now is that a property with name `petType` _MUST_ be present in } ``` -Will indicate that the `Cat` schema be used in conjunction with this payload. +Will indicate that the `Cat` schema is expected to match this payload. In scenarios where the value of the discriminator field does not match the schema name or implicit mapping is not possible, an optional `mapping` definition MAY be used: @@ -3177,7 +3177,7 @@ MyResponseType: Here the discriminating value of `dog` will map to the schema `#/components/schemas/Dog`, rather than the default (implicit) value of `#/components/schemas/dog`. If the discriminating value does not match an implicit or explicit mapping, no schema can be determined and validation SHOULD fail. -When used in conjunction with the `anyOf` construct, the use of the discriminator can avoid ambiguity where multiple schemas may satisfy a single payload. +When used in conjunction with the `anyOf` construct, the use of the discriminator can avoid ambiguity for serializers/deserializers where multiple schemas may satisfy a single payload. This example shows the `allOf` usage, which avoids needing to reference all child schemas in the parent: @@ -3221,7 +3221,7 @@ components: type: boolean ``` -a payload like this: +Validated against the `Pet` schema, a payload like this: ```json { @@ -3230,7 +3230,7 @@ a payload like this: } ``` -will indicate that the `Cat` schema be used. Likewise this schema: +will indicate that the `#/components/schemas/Cat` schema is expected to match. Likewise this payload: ```json { @@ -3239,7 +3239,7 @@ will indicate that the `Cat` schema be used. Likewise this schema: } ``` -will map to `Dog` because of the definition in the `mappings` element. +will map to `#/components/schemas/Dog` because the `dog` entry in the `mapping` element maps to `Dog` which is the schema name for `#/components/schemas/Dog`. #### XML Object @@ -3362,7 +3362,7 @@ In this example, a full model definition is shown. "name": { "type": "string", "xml": { - "namespace": "http://example.com/schema/sample", + "namespace": "https://example.com/schema/sample", "prefix": "sample" } } @@ -3383,13 +3383,13 @@ Person: name: type: string xml: - namespace: http://example.com/schema/sample + namespace: https://example.com/schema/sample prefix: sample ``` ```xml - example + example ``` @@ -3611,7 +3611,7 @@ Supported schemes are HTTP authentication, an API key (either as a header, a coo Field Name | Type | Applies To | Description ---|:---:|---|--- type | `string` | Any | **REQUIRED**. The type of the security scheme. Valid values are `"apiKey"`, `"http"`, `"oauth2"`, `"openIdConnect"`. -description | `string` | Any | A short description for security scheme. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. +description | `string` | Any | A description for security scheme. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. name | `string` | `apiKey` | **REQUIRED**. The name of the header, query or cookie parameter to be used. in | `string` | `apiKey` | **REQUIRED**. The location of the API key. Valid values are `"query"`, `"header"` or `"cookie"`. scheme | `string` | `http` | **REQUIRED**. The name of the HTTP Authentication scheme to be used in the [Authorization header as defined in RFC7235](https://tools.ietf.org/html/rfc7235#section-5.1). The values used SHOULD be registered in the [IANA Authentication Scheme registry](https://www.iana.org/assignments/http-authschemes/http-authschemes.xhtml). The value is case-insensitive, as defined in [RFC7235](https://datatracker.ietf.org/doc/html/rfc7235#section-2.1). @@ -3642,14 +3642,14 @@ scheme: basic ```json { "type": "apiKey", - "name": "api_key", + "name": "api-key", "in": "header" } ``` ```yaml type: apiKey -name: api_key +name: api-key in: header ``` @@ -3659,7 +3659,7 @@ in: header { "type": "http", "scheme": "bearer", - "bearerFormat": "JWT", + "bearerFormat": "JWT" } ``` @@ -3717,9 +3717,9 @@ Configuration details for a supported OAuth Flow ##### Fixed Fields Field Name | Type | Applies To | Description ---|:---:|---|--- -authorizationUrl | `string` | `oauth2` (`"implicit"`, `"authorizationCode"`) | **REQUIRED**. The authorization URL to be used for this flow. This MUST be in the form of a URL. -tokenUrl | `string` | `oauth2` (`"password"`, `"clientCredentials"`, `"authorizationCode"`) | **REQUIRED**. The token URL to be used for this flow. This MUST be in the form of a URL. -refreshUrl | `string` | `oauth2` | The URL to be used for obtaining refresh tokens. This MUST be in the form of a URL. +authorizationUrl | `string` | `oauth2` (`"implicit"`, `"authorizationCode"`) | **REQUIRED**. The authorization URL to be used for this flow. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. +tokenUrl | `string` | `oauth2` (`"password"`, `"clientCredentials"`, `"authorizationCode"`) | **REQUIRED**. The token URL to be used for this flow. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. +refreshUrl | `string` | `oauth2` | The URL to be used for obtaining refresh tokens. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. scopes | Map[`string`, `string`] | `oauth2` | **REQUIRED**. The available scopes for the OAuth2 security scheme. A map between the scope name and a short description for it. The map MAY be empty. This object MAY be extended with [Specification Extensions](#specificationExtensions). @@ -3960,7 +3960,7 @@ While not part of the specification itself, certain libraries MAY choose to allo Two examples of this: -1. The [Paths Object](#pathsObject) MAY be empty. It may be counterintuitive, but this may tell the viewer that they got to the right place, but can't access any documentation. They'd still have access to the [Info Object](#infoObject) which may contain additional information regarding authentication. +1. The [Paths Object](#pathsObject) MAY be present but empty. It may be counterintuitive, but this may tell the viewer that they got to the right place, but can't access any documentation. They would still have access to at least the [Info Object](#infoObject) which may contain additional information regarding authentication. 2. The [Path Item Object](#pathItemObject) MAY be empty. In this case, the viewer will be aware that the path exists, but will not be able to see any of its operations or parameters. This is different from hiding the path itself from the [Paths Object](#pathsObject), because the user will be aware of its existence. This allows the documentation provider to finely control what the viewer can see. ## Security Considerations @@ -4030,7 +4030,7 @@ To control the serialization of numbers, booleans, and `null` (or other values R The resulting strings would not require any further type conversion. The `format` keyword can assist in serialization. -Some formats (such as `date-time` or `byte`) are unambiguous, while others (such as [`decimal`](https://spec.openapis.org/registry/format/decimal.html) in the [Format Registry](https://spec.openapis.org/registry/format/)) are less clear. +Some formats (such as `date-time`) are unambiguous, while others (such as [`decimal`](https://spec.openapis.org/registry/format/decimal.html) in the [Format Registry](https://spec.openapis.org/registry/format/)) are less clear. However, care must be taken with `format` to ensure that the specific formats are supported by all relevant tools as unrecognized formats are ignored. Requiring input as pre-formatted, schema-validated strings also improves round-trip interoperability as not all programming languages and environments support the same data types. From a801ba90b7ab75e3cc56628ee4b12d0116a3def7 Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Wed, 26 Jun 2024 17:54:54 +0200 Subject: [PATCH 153/251] Update versions/3.0.4.md --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index e6003358a2..83f6c463ce 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1861,7 +1861,7 @@ However, documentation is expected to cover a successful operation response and The `default` MAY be used as a default response object for all HTTP codes that are not covered individually by the Responses Object. -The `Responses Object` MUST contain at least one response code, and if only one +The Responses Object MUST contain at least one response code, and if only one response code is provided it SHOULD be the response for a successful operation call. From 55d932e46e348195d7369b5ce9449b0c416c1a8c Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Thu, 27 Jun 2024 10:04:48 +0200 Subject: [PATCH 154/251] Don't monospace Xxx Object --- versions/3.0.4.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 03da3f7ddc..f53404321b 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -267,7 +267,7 @@ OpenAPI Description authors SHOULD consider how text using such extensions will ### Relative References in URLs Unless specified otherwise, all properties that are URLs MAY be relative references as defined by [RFC3986](https://tools.ietf.org/html/rfc3986#section-4.2). -Relative references are resolved using the URLs defined in the [`Server Object`](#serverObject) as a Base URI. +Relative references are resolved using the URLs defined in the [Server Object](#serverObject) as a Base URI. Relative references used in `$ref` are processed as per [JSON Reference](https://tools.ietf.org/html/draft-pbryan-zyp-json-ref-03), using the URL of the current document as the base URI. See also the [Reference Object](#referenceObject). @@ -747,13 +747,13 @@ components: #### Paths Object Holds the relative paths to the individual endpoints and their operations. -The path is appended to the URL from the [`Server Object`](#serverObject) in order to construct the full URL. The Paths MAY be empty, due to [ACL constraints](#securityFiltering). +The path is appended to the URL from the [Server Object](#serverObject) in order to construct the full URL. The Paths MAY be empty, due to [ACL constraints](#securityFiltering). ##### Patterned Fields Field Pattern | Type | Description ---|:---:|--- -/{path} | [Path Item Object](#pathItemObject) | A relative path to an individual endpoint. The field name MUST begin with a forward slash (`/`). The path is **appended** (no relative URL resolution) to the expanded URL from the [`Server Object`](#serverObject)'s `url` field in order to construct the full URL. [Path templating](#pathTemplating) is allowed. When matching URLs, concrete (non-templated) paths would be matched before their templated counterparts. Templated paths with the same hierarchy but different templated names MUST NOT exist as they are identical. In case of ambiguous matching, it's up to the tooling to decide which one to use. +/{path} | [Path Item Object](#pathItemObject) | A relative path to an individual endpoint. The field name MUST begin with a forward slash (`/`). The path is **appended** (no relative URL resolution) to the expanded URL from the [Server Object](#serverObject)'s `url` field in order to construct the full URL. [Path templating](#pathTemplating) is allowed. When matching URLs, concrete (non-templated) paths would be matched before their templated counterparts. Templated paths with the same hierarchy but different templated names MUST NOT exist as they are identical. In case of ambiguous matching, it's up to the tooling to decide which one to use. This object MAY be extended with [Specification Extensions](#specificationExtensions). @@ -1862,7 +1862,7 @@ However, documentation is expected to cover a successful operation response and The `default` MAY be used as a default response object for all HTTP codes that are not covered individually by the specification. -The `Responses Object` MUST contain at least one response code, and it +The Responses Object MUST contain at least one response code, and it SHOULD be the response for a successful operation call. ##### Fixed Fields @@ -2324,7 +2324,7 @@ In this example, the JSON string had to be serialized before encoding it into th #### Link Object -The `Link object` represents a possible design-time link for a response. +The Link Object represents a possible design-time link for a response. The presence of a link does not guarantee the caller's ability to successfully invoke it, rather it provides a known relationship and traversal mechanism between responses and other operations. Unlike _dynamic_ links (i.e. links provided **in** the response payload), the OAS linking mechanism does not require link information in the runtime response. From d4425ba3f20105a903487227f860cfa7c63ae25c Mon Sep 17 00:00:00 2001 From: Mike Kistler Date: Thu, 27 Jun 2024 11:05:02 -0700 Subject: [PATCH 155/251] Reword as discussed in TSC meeting today --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 890af64b7d..b18377fb79 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1755,7 +1755,7 @@ Note that there are significant restrictions on what headers can be used with `m Note also that `Content-Transfer-Encoding` is deprecated for `multipart/form-data` ([RFC7578 §4.7](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.7)) where binary data is supported, as it is in HTTP. Using `format: byte` for a multipart field is equivalent to specifying an `encoding` object with a `headers` field containing `Content-Transfer-Encoding: { schema: { enum: [base64] } }`. -If `format: byte` is used for a multipart field that has an encoding object with a `headers` field containing `Content-Transfer-Encoding` with a schema that permits values other than "base64", the result is undefined. +If `format: byte` is used for a multipart field that has an encoding object with a `headers` field containing `Content-Transfer-Encoding` with a schema that disallows "base64", the result is undefined for serialization and parsing. Per the JSON Schema specification, `contentMediaType` without `contentEncoding` present is treated as if `contentEncoding: identity` were present. While useful for embedding text documents such as `text/html` into JSON strings, it is not useful for a `multipart/form-data` part, as it just causes the document to be treated as `text/plain` instead of its actual media type. Use the Encoding Object without `contentMediaType` if no `contentEncoding` is required. From 37866fbe3b57fb960698ae4b26b71fc4019ca5cb Mon Sep 17 00:00:00 2001 From: Mike Kistler Date: Thu, 27 Jun 2024 12:33:35 -0700 Subject: [PATCH 156/251] Avoid "partially condensed YAML" Co-authored-by: Ralf Handl --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index b18377fb79..9c47767930 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1754,7 +1754,7 @@ Note that there are significant restrictions on what headers can be used with `m Note also that `Content-Transfer-Encoding` is deprecated for `multipart/form-data` ([RFC7578 §4.7](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.7)) where binary data is supported, as it is in HTTP. -Using `format: byte` for a multipart field is equivalent to specifying an `encoding` object with a `headers` field containing `Content-Transfer-Encoding: { schema: { enum: [base64] } }`. +Using `format: byte` for a multipart field is equivalent to specifying an Encoding Object with a `headers` field containing `Content-Transfer-Encoding` with a schema that requires the value `base64`. If `format: byte` is used for a multipart field that has an encoding object with a `headers` field containing `Content-Transfer-Encoding` with a schema that disallows "base64", the result is undefined for serialization and parsing. Per the JSON Schema specification, `contentMediaType` without `contentEncoding` present is treated as if `contentEncoding: identity` were present. While useful for embedding text documents such as `text/html` into JSON strings, it is not useful for a `multipart/form-data` part, as it just causes the document to be treated as `text/plain` instead of its actual media type. Use the Encoding Object without `contentMediaType` if no `contentEncoding` is required. From 8b8f2cc347ce41962ed4e66898263ce2cec22375 Mon Sep 17 00:00:00 2001 From: Mike Kistler Date: Thu, 27 Jun 2024 12:43:47 -0700 Subject: [PATCH 157/251] Final polish --- versions/3.0.4.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 9c47767930..7045ec6cfd 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1754,8 +1754,8 @@ Note that there are significant restrictions on what headers can be used with `m Note also that `Content-Transfer-Encoding` is deprecated for `multipart/form-data` ([RFC7578 §4.7](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.7)) where binary data is supported, as it is in HTTP. -Using `format: byte` for a multipart field is equivalent to specifying an Encoding Object with a `headers` field containing `Content-Transfer-Encoding` with a schema that requires the value `base64`. -If `format: byte` is used for a multipart field that has an encoding object with a `headers` field containing `Content-Transfer-Encoding` with a schema that disallows "base64", the result is undefined for serialization and parsing. +Using `format: byte` for a multipart field is equivalent to specifying an [Encoding Object](#encodingObject) with a `headers` field containing `Content-Transfer-Encoding` with a schema that requires the value `base64`. +If `format: byte` is used for a multipart field that has an Encoding Object with a `headers` field containing `Content-Transfer-Encoding` with a schema that disallows `base64`, the result is undefined for serialization and parsing. Per the JSON Schema specification, `contentMediaType` without `contentEncoding` present is treated as if `contentEncoding: identity` were present. While useful for embedding text documents such as `text/html` into JSON strings, it is not useful for a `multipart/form-data` part, as it just causes the document to be treated as `text/plain` instead of its actual media type. Use the Encoding Object without `contentMediaType` if no `contentEncoding` is required. From c0696c19d95f70c5ba377f4ef1a442df1c27c660 Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Fri, 12 Jul 2024 10:36:29 +0200 Subject: [PATCH 158/251] Editorial improvements from 3.1.1 --- versions/3.0.4.md | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index f3eaf81780..5ef3e607af 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1649,7 +1649,8 @@ However, if all three of `style`, `explode`, and `allowReserved` fields are abse * All three keywords are to be entirely ignored, rather than treated as having their default values * Encoding is to be based on `contentType` alone, whether it is present with an explicit value or absent and treated as having its default value -This makes the presence of at least one of `style`, `explode`, or `allowReserved` with an explicit value equivalent to using `schema` with `in: query` Parameter Objects, and their absence the equivalent of using `content`, but with the media type specified in `contentType` rather than through a Media Type Object. +Note that the presence of at least one of `style`, `explode`, or `allowReserved` with an explicit value is equivalent to using `schema` with `in: query` Parameter Objects. +The absence of all three of those fields is the equivalent of using `content`, but with the media type specified in `contentType` rather than through a Media Type Object. ##### Encoding the `x-www-form-urlencoded` Media Type @@ -1998,9 +1999,9 @@ Plain text response with headers: "content": { "text/plain": { "schema": { - "type": "string", - "example": "whoa!" - } + "type": "string" + }, + "example": "whoa!" } }, "headers": { @@ -2681,7 +2682,7 @@ These types can be objects, but also primitives and arrays. This object is an extended subset of the [JSON Schema Specification Wright Draft 00](https://json-schema.org/). For more information about the properties, see [JSON Schema Core](https://tools.ietf.org/html/draft-wright-json-schema-00) and [JSON Schema Validation](https://tools.ietf.org/html/draft-wright-json-schema-validation-00). -Unless stated otherwise, the property definitions follow the JSON Schema. +Unless stated otherwise, the property definitions follow those of JSON Schema and do not add any additional semantics. ##### Properties @@ -2727,11 +2728,11 @@ Other than the JSON Schema subset fields, the following fields MAY be used for f Field Name | Type | Description ---|:---:|--- nullable | `boolean` | A `true` value adds `"null"` to the allowed type specified by the `type` keyword, only if `type` is explicitly defined within the same Schema Object. Other Schema Object constraints retain their defined behavior, and therefore may disallow the use of `null` as a value. A `false` value leaves the specified or default `type` unmodified. The default value is `false`. -discriminator | [Discriminator Object](#discriminatorObject) | Adds support for polymorphism. The discriminator is an object name that is used to differentiate between other schemas which may satisfy the payload description. See [Composition and Inheritance](#schemaComposition) for more details. +discriminator | [Discriminator Object](#discriminatorObject) | Adds support for polymorphism. The discriminator is used to determine which of a set of schemas a payload is expected to satisfy. See [Composition and Inheritance](#schemaComposition) for more details. readOnly | `boolean` | Relevant only for Schema `"properties"` definitions. Declares the property as "read only". This means that it MAY be sent as part of a response but SHOULD NOT be sent as part of the request. If the property is marked as `readOnly` being `true` and is in the `required` list, the `required` will take effect on the response only. A property MUST NOT be marked as both `readOnly` and `writeOnly` being `true`. Default value is `false`. writeOnly | `boolean` | Relevant only for Schema `"properties"` definitions. Declares the property as "write only". Therefore, it MAY be sent as part of a request but SHOULD NOT be sent as part of the response. If the property is marked as `writeOnly` being `true` and is in the `required` list, the `required` will take effect on the request only. A property MUST NOT be marked as both `readOnly` and `writeOnly` being `true`. Default value is `false`. xml | [XML Object](#xmlObject) | This MAY be used only on properties schemas. It has no effect on root schemas. Adds additional metadata to describe the XML representation of this property. -externalDocs | [External Documentation Object](#externalDocumentationObject) | Additional external documentation for this schema. +externalDocs | [External Documentation Object](#externalDocumentationObject) | Additional external documentation for this schema. example | Any | A free-form property to include an example of an instance for this schema. To represent examples that cannot be naturally represented in JSON or YAML, a string value can be used to contain the example with escaping where necessary. deprecated | `boolean` | Specifies that a schema is deprecated and SHOULD be transitioned out of usage. Default value is `false`. @@ -2740,11 +2741,11 @@ This object MAY be extended with [Specification Extensions](#specificationExtens ###### Composition and Inheritance (Polymorphism) The OpenAPI Specification allows combining and extending model definitions using the `allOf` property of JSON Schema, in effect offering model composition. -`allOf` takes an array of object definitions that are validated *independently* but together compose a single object. +`allOf` takes an array of object definitions that are validated *independently* but together compose a single object. While composition offers model extensibility, it does not imply a hierarchy between the models. To support polymorphism, the OpenAPI Specification adds the `discriminator` field. -When used, the `discriminator` will be the name of the property that decides which schema definition validates the structure of the model. +When used, the `discriminator` indicates the name of the property that hints which schema definition is expected to validate the structure of the model. As such, the `discriminator` field MUST be a required field. There are two ways to define the value of a discriminator for an inheriting instance. - Use the schema name. @@ -3136,8 +3137,7 @@ MyResponseType: - $ref: '#/components/schemas/Lizard' ``` -which means the payload _MUST_, by validation, match exactly one of the schemas described by `Cat`, `Dog`, or `Lizard`. In this case, a discriminator MAY act as a "hint" to shortcut validation and selection of the matching schema which may be a costly operation, depending on the complexity of the schema. We can then describe exactly which field tells us which schema to use: - +which means the payload _MUST_, by validation, match exactly one of the schemas described by `Cat`, `Dog`, or `Lizard`. Deserialization of a `oneOf` can be a costly operation, as it requires determining which schema matches the payload and thus should be used in deserialization. This problem also exists for `anyOf` schemas. A `discriminator` MAY be used as a "hint" to improve the efficiency of selection of the matching schema. The `discriminator` field cannot change the validation result of the `oneOf`, it can only help make the deserialization more efficient and provide better error messaging. We can specify the exact field that tells us which schema is expected to match the instance: ```yaml MyResponseType: @@ -3261,7 +3261,7 @@ Field Name | Type | Description This object MAY be extended with [Specification Extensions](#specificationExtensions). -The `namespace` keyword is intended to match the syntax of [XML namespaces](https://www.w3.org/TR/xml-names11/), although there are a few caveats: +The `namespace` field is intended to match the syntax of [XML namespaces](https://www.w3.org/TR/xml-names11/), although there are a few caveats: * Version 3.0.3 and earlier of this specification erroneously used the term "absolute URI" instead of "non-relative URI", so authors using namespaces that include a fragment should check tooling support carefully. * XML allows but discourages relative URI-references, while this specification outright forbids them. From f9dc2efc635c180fd8ef117e94b01fb97a27eec7 Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Mon, 22 Jul 2024 14:36:01 +0200 Subject: [PATCH 159/251] Sync 3.0.4 with 3.1.1 --- versions/3.0.4.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 5ef3e607af..a9bdbc82ab 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -2744,13 +2744,12 @@ The OpenAPI Specification allows combining and extending model definitions using `allOf` takes an array of object definitions that are validated *independently* but together compose a single object. While composition offers model extensibility, it does not imply a hierarchy between the models. -To support polymorphism, the OpenAPI Specification adds the `discriminator` field. +To support polymorphism, the OpenAPI Specification adds the [`discriminator`](#schemaDiscriminator) field. When used, the `discriminator` indicates the name of the property that hints which schema definition is expected to validate the structure of the model. As such, the `discriminator` field MUST be a required field. There are two ways to define the value of a discriminator for an inheriting instance. - Use the schema name. -- Override the schema name by overriding the property with a new value. If a new value exists, this takes precedence over the schema name. -As such, inline schema definitions, which do not have a given id, *cannot* be used in polymorphism. +- [Override the schema name](#discriminatorMapping) by overriding the property with a new value. If a new value exists, this takes precedence over the schema name. ###### XML Modeling @@ -3606,7 +3605,9 @@ animals: #### Security Scheme Object Defines a security scheme that can be used by the operations. + Supported schemes are HTTP authentication, an API key (either as a header, a cookie parameter or as a query parameter), OAuth2's common flows (implicit, password, client credentials and authorization code) as defined in [RFC6749](https://tools.ietf.org/html/rfc6749), and [OpenID Connect Core](https://openid.net/specs/openid-connect-core-1_0.html). +Please note that as of 2020, the implicit flow is about to be deprecated by [OAuth 2.0 Security Best Current Practice](https://tools.ietf.org/html/draft-ietf-oauth-security-topics). Recommended for most use case is Authorization Code Grant flow with PKCE. ##### Fixed Fields Field Name | Type | Applies To | Description From e11113d6a1117e6dcf22004e83cb7b5a1ead5f2c Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Wed, 24 Jul 2024 16:24:35 +0200 Subject: [PATCH 160/251] Improved RFC section links --- versions/3.0.4.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index a9bdbc82ab..51f437512a 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1143,7 +1143,7 @@ Field Name | Type | Description ---|:---:|--- style | `string` | Describes how the parameter value will be serialized depending on the type of the parameter value. Default values (based on value of `in`): for `query` - `form`; for `path` - `simple`; for `header` - `simple`; for `cookie` - `form`. explode | `boolean` | When this is true, parameter values of type `array` or `object` generate separate parameters for each value of the array or key-value pair of the map. For other types of parameters this property has no effect. When [`style`](#parameterStyle) is `form`, the default value is `true`. For all other styles, the default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. -allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#autoid-20), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#autoid-13), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#autoid-24) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#usingRFC6570Implementations) and [E](#percentEncodingAndFormMediaTypes) for details. This property only applies to parameters with an `in` value of `query`. The default value is `false`. +allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#section-3.2.3), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#section-3.4) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#usingRFC6570Implementations) and [E](#percentEncodingAndFormMediaTypes) for details. This property only applies to parameters with an `in` value of `query`. The default value is `false`. schema | [Schema Object](#schemaObject) \| [Reference Object](#referenceObject) | The schema defining the type used for the parameter. example | Any | Example of the parameter's potential value; see [Working With Examples](#working-with-examples). examples | Map[ `string`, [Example Object](#exampleObject) \| [Reference Object](#referenceObject)] | Examples of the parameter's potential value; see [Working With Examples](#working-with-examples). @@ -1634,7 +1634,7 @@ Field Name | Type | Description ---|:---:|--- style | `string` | Describes how a specific property value will be serialized depending on its type. See [Parameter Object](#parameterObject) for details on the [`style`](#parameterStyle) property. The behavior follows the same values as `query` parameters, including default values. Note that the initial `?` used in query strings is not used in `application/x-www-form-urlencoded` message bodies, and MUST be removed (if using an RFC6570 implementation) or simply not added (if constructing the string manually). This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. explode | `boolean` | When this is true, property values of type `array` or `object` generate separate parameters for each value of the array, or key-value-pair of the map. For other types of properties this property has no effect. When [`style`](#encodingStyle) is `form`, the default value is `true`. For all other styles, the default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. -allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#autoid-20), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#autoid-13), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#autoid-24) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#usingRFC6570Implementations) and [E](#percentEncodingAndFormMediaTypes) for details. The default value is `false`. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. +allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#section-3.2.3), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#section-3.4) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#usingRFC6570Implementations) and [E](#percentEncodingAndFormMediaTypes) for details. The default value is `false`. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. See also [Appendix C: Using RFC6570 Implementations](#usingRFC6570Implementations) for additional guidance. From 5fb8293807509b20d89c9f7c035948e3478f48c3 Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Thu, 25 Jul 2024 11:15:38 +0200 Subject: [PATCH 161/251] Section link instead of page link --- versions/3.0.4.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 51f437512a..300840e256 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1105,7 +1105,7 @@ See [Appendix E](#percentEncodingAndFormMediaTypes) for a detailed examination o There are four possible parameter locations specified by the `in` field: * path - Used together with [Path Templating](#pathTemplating), where the parameter value is actually part of the operation's URL. This does not include the host or base path of the API. For example, in `/items/{itemId}`, the path parameter is `itemId`. * query - Parameters that are appended to the URL. For example, in `/items?id=###`, the query parameter is `id`. -* header - Custom headers that are expected as part of the request. Note that [RFC7230](https://tools.ietf.org/html/rfc7230#page-22) states header names are case insensitive. +* header - Custom headers that are expected as part of the request. Note that [RFC7230](https://tools.ietf.org/html/rfc7230#section-3.2) states header names are case insensitive. * cookie - Used to pass a specific cookie value to the API. ##### Fixed Fields @@ -1932,7 +1932,7 @@ Describes a single response from an API Operation, including design-time, static Field Name | Type | Description ---|:---:|--- description | `string` | **REQUIRED**. A description of the response. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. -headers | Map[`string`, [Header Object](#headerObject) \| [Reference Object](#referenceObject)] | Maps a header name to its definition. [RFC7230](https://tools.ietf.org/html/rfc7230#page-22) states header names are case insensitive. If a response header is defined with the name `"Content-Type"`, it SHALL be ignored. +headers | Map[`string`, [Header Object](#headerObject) \| [Reference Object](#referenceObject)] | Maps a header name to its definition. [RFC7230](https://tools.ietf.org/html/rfc7230#section-3.2) states header names are case insensitive. If a response header is defined with the name `"Content-Type"`, it SHALL be ignored. content | Map[`string`, [Media Type Object](#mediaTypeObject)] | A map containing descriptions of potential response payloads. The key is a media type or [media type range](https://tools.ietf.org/html/rfc7231#appendix-D) and the value describes it. For responses that match multiple keys, only the most specific key is applicable. e.g. text/plain overrides text/* links | Map[`string`, [Link Object](#linkObject) \| [Reference Object](#referenceObject)] | A map of operations links that can be followed from the response. The key of the map is a short name for the link, following the naming constraints of the names for [Component Objects](#componentsObject). From 7d7f69d783c8b9f460c46864c90da5977f90caa4 Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Mon, 29 Jul 2024 09:52:53 +0200 Subject: [PATCH 162/251] Align RFC links, show all RFCs in Normative References --- versions/3.0.4.md | 46 +++++++++++++++++++++++----------------------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 300840e256..1b3d5a8ea1 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -12,7 +12,7 @@ The OpenAPI Specification (OAS) defines a standard, language-agnostic interface An OpenAPI description can then be used by documentation generation tools to display the API, code generation tools to generate servers and clients in various programming languages, testing tools, and many other use cases. -For examples of OpenAPI usage and additional documentation, please visit [learn.openapis.org](https://learn.openapis.org/). +For examples of OpenAPI usage and additional documentation, please visit [[?OpenAPI-Learn]]. For extension registries and other specifications published by the OpenAPI Initiative, as well as the authoritative rendering of this specification, please visit [spec.openapis.org](https://spec.openapis.org/). @@ -154,7 +154,7 @@ Patterned fields MUST have unique names within the containing object. In order to preserve the ability to round-trip between YAML and JSON formats, YAML version [1.2](https://yaml.org/spec/1.2/spec.html) is RECOMMENDED along with some additional constraints: -- Tags MUST be limited to those allowed by [YAML's JSON schema ruleset](https://yaml.org/spec/1.2/spec.html#id2803231), which defines a subset of the YAML syntax and is unrelated to [JSON Schema](https://tools.ietf.org/html/draft-wright-json-schema-00). +- Tags MUST be limited to those allowed by [YAML's JSON schema ruleset](https://yaml.org/spec/1.2/spec.html#id2803231), which defines a subset of the YAML syntax and is unrelated to [[JSON-Schema-05|JSON Schema]]. - Keys used in YAML maps MUST be limited to a scalar string, as defined by the [YAML Failsafe schema ruleset](https://yaml.org/spec/1.2/spec.html#id2802346). **Note:** While APIs may be described by OpenAPI documents in either YAML or JSON format, the API request and response bodies and other content are not required to be JSON or YAML. @@ -1189,7 +1189,7 @@ The following table shows examples, as would be shown with the `example` or `exa * The value _empty_ denotes the empty string, and is unrelated to the `allowEmptyValue` field * The behavior of combinations marked _n/a_ is undefined -* The `undefined` replaces the `empty` column in previous versions of this specification in order to better align with [RFC6570 §2.3](https://www.rfc-editor.org/rfc/rfc6570.html#section-2.3) terminology, which describes certain values including but not limited to `null` as "undefined" values with special handling; notably, the empty string is _not_ undefined +* The `undefined` replaces the `empty` column in previous versions of this specification in order to better align with [RFC6570](https://www.rfc-editor.org/rfc/rfc6570.html#section-2.3) terminology, which describes certain values including but not limited to `null` as "undefined" values with special handling; notably, the empty string is _not_ undefined * For `form` and the non-RFC6570 query string styles `spaceDelimited`, `pipeDelimited`, and `deepObject`, each example is shown prefixed with `?` as if it were the only query parameter; see [Appendix C](#usingRFC6570Implementations) for more information on constructing query strings from multiple parameters, and [Appendix D](#serializingHeadersAndCookies) for warnings regarding `form` and cookie parameters * Note that the `?` prefix is not appropriate for serializing `application/x-www-form-urlencoded` HTTP message bodies, and MUST be stripped or (if constructing the string manually) not added when used in that context; see the [Encoding Object](#encodingObject) for more information * The examples are percent-encoded as required by RFC6570 and RFC3986; see [Appendix E](#percentEncodingAndFormMediaTypes) for a thorough discussion of percent-encoding concerns, including why unencoded `|` (`%7C`), `[` (`%5B`), and `]` (`%5D`) seem to work in some environments despite not being compliant. @@ -1736,23 +1736,23 @@ name=example&icon=iVBORw0KGgoAAAANSUhEUgAAAAIAAAACCAIAAAD91JpzAAAABGdBTUEAALGPC% ``` Note that this base64-encoded value had to be futher percent-encoded, replacing `/` with `%2F` and each of two final `=` padding characters with `%3D`. -Some base64-decoding implementations may be able to use the string without the padding per [RFC4648 §3.2](https://datatracker.ietf.org/doc/html/rfc4648#section-3.2). +Some base64-decoding implementations may be able to use the string without the padding per [RFC4648](https://datatracker.ietf.org/doc/html/rfc4648#section-3.2). However, this is not guaranteed and the value would still need to be percent-decoded due to the `%2F`. ##### Encoding `multipart` Media Types It is common to use `multipart/form-data` as a `Content-Type` when transferring forms as request bodies. In contrast to 2.0, a `schema` is REQUIRED to define the input parameters to the operation when using `multipart` content. This supports complex structures as well as supporting mechanisms for multiple file uploads. -The `form-data` disposition and its `name` parameter are mandatory for `multipart/form-data` ([RFC7578 §4.2](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.2)). -Array properties are handled by applying the same `name` to multiple parts, as is recommended by [RFC7578 §4.3](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.3) for supplying multiple values per form field. -See [RFC7578 §5](https://www.rfc-editor.org/rfc/rfc7578.html#section-5) for guidance regarding non-ASCII part names. +The `form-data` disposition and its `name` parameter are mandatory for `multipart/form-data` ([RFC7578](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.2)). +Array properties are handled by applying the same `name` to multiple parts, as is recommended by [RFC7578](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.3) for supplying multiple values per form field. +See [RFC7578](https://www.rfc-editor.org/rfc/rfc7578.html#section-5) for guidance regarding non-ASCII part names. -Various other `multipart` types, most notable `multipart/mixed` ([RFC2046 §5.1.3](https://www.rfc-editor.org/rfc/rfc2046.html#section-5.1.3)) neither require nor forbid specific `Content-Disposition` values, which means care must be taken to ensure that any values used are supported by all relevant software. +Various other `multipart` types, most notable `multipart/mixed` ([RFC2046](https://www.rfc-editor.org/rfc/rfc2046.html#section-5.1.3)) neither require nor forbid specific `Content-Disposition` values, which means care must be taken to ensure that any values used are supported by all relevant software. It is not currently possible to correlate schema properties with unnamed, ordered parts in media types such as `multipart/mixed`, but implementations MAY choose to support such types when `Content-Disposition: form-data` is used with a `name` parameter. -Note that there are significant restrictions on what headers can be used with `multipart` media types in general ([RFC2046 §5.1](https://www.rfc-editor.org/rfc/rfc2046.html#section-5.1)) and `multi-part/form-data` in particular ([RFC7578 §4.8](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.8)). +Note that there are significant restrictions on what headers can be used with `multipart` media types in general ([RFC2046](https://www.rfc-editor.org/rfc/rfc2046.html#section-5.1)) and `multi-part/form-data` in particular ([RFC7578](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.8)). -Note also that `Content-Transfer-Encoding` is deprecated for `multipart/form-data` ([RFC7578 §4.7](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.7)) where binary data is supported, as it is in HTTP. +Note also that `Content-Transfer-Encoding` is deprecated for `multipart/form-data` ([RFC7578](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.7)) where binary data is supported, as it is in HTTP. Using `format: byte` for a multipart field is equivalent to specifying an [Encoding Object](#encodingObject) with a `headers` field containing `Content-Transfer-Encoding` with a schema that requires the value `base64`. If `format: byte` is used for a multipart field that has an Encoding Object with a `headers` field containing `Content-Transfer-Encoding` with a schema that disallows `base64`, the result is undefined for serialization and parsing. @@ -1835,7 +1835,7 @@ requestBody: ###### Example: Multipart Form with Multiple Files -In accordance with [RFC7578 §4.3](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.3), multiple files for a single form field are uploaded using the same name (`file` in this example) for each file's part: +In accordance with [RFC7578](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.3), multiple files for a single form field are uploaded using the same name (`file` in this example) for each file's part: ```yaml requestBody: @@ -3606,8 +3606,8 @@ animals: Defines a security scheme that can be used by the operations. -Supported schemes are HTTP authentication, an API key (either as a header, a cookie parameter or as a query parameter), OAuth2's common flows (implicit, password, client credentials and authorization code) as defined in [RFC6749](https://tools.ietf.org/html/rfc6749), and [OpenID Connect Core](https://openid.net/specs/openid-connect-core-1_0.html). -Please note that as of 2020, the implicit flow is about to be deprecated by [OAuth 2.0 Security Best Current Practice](https://tools.ietf.org/html/draft-ietf-oauth-security-topics). Recommended for most use case is Authorization Code Grant flow with PKCE. +Supported schemes are HTTP authentication, an API key (either as a header, a cookie parameter or as a query parameter), OAuth2's common flows (implicit, password, client credentials and authorization code) as defined in [RFC6749](https://tools.ietf.org/html/rfc6749), and [[OpenID Connect Core]]. +Please note that as of 2020, the implicit flow is about to be deprecated by [OAuth 2.0 Security Best Current Practice](https://tools.ietf.org/html/draft-ietf-oauth-security-topics). Recommended for most use cases is Authorization Code Grant flow with PKCE. ##### Fixed Fields Field Name | Type | Applies To | Description @@ -3619,7 +3619,7 @@ Field Name | Type | Applies To | Description scheme | `string` | `http` | **REQUIRED**. The name of the HTTP Authentication scheme to be used in the [Authorization header as defined in RFC7235](https://tools.ietf.org/html/rfc7235#section-5.1). The values used SHOULD be registered in the [IANA Authentication Scheme registry](https://www.iana.org/assignments/http-authschemes/http-authschemes.xhtml). The value is case-insensitive, as defined in [RFC7235](https://datatracker.ietf.org/doc/html/rfc7235#section-2.1). bearerFormat | `string` | `http` (`"bearer"`) | A hint to the client to identify how the bearer token is formatted. Bearer tokens are usually generated by an authorization server, so this information is primarily for documentation purposes. flows | [OAuth Flows Object](#oauthFlowsObject) | `oauth2` | **REQUIRED**. An object containing configuration information for the flow types supported. -openIdConnectUrl | `string` | `openIdConnect` | **REQUIRED**. [Well-known URL](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig) to discover the [OpenID provider metadata](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata). +openIdConnectUrl | `string` | `openIdConnect` | **REQUIRED**. [Well-known URL](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig) to discover the [[OpenID Connect Discovery]] [provider metadata](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata). This object MAY be extended with [Specification Extensions](#specificationExtensions). @@ -3946,7 +3946,7 @@ Field Pattern | Type | Description ---|:---:|--- ^x- | Any | Allows extensions to the OpenAPI Schema. The field name MUST begin with `x-`, for example, `x-internal-id`. The value can be any valid JSON value (`null`, a primitive, an array or an object.) -The OpenAPI Initiative maintains several [extension registries](https://spec.openapis.org/registry/index.html), including registries for [individual extension keywords](https://spec.openapis.org/registry/extension/) and [extension keyword namespaces](https://spec.openapis.org/registry/namespace/). +The OpenAPI Initiative maintains several [[OpenAPI-Registry|extension registries]], including registries for [individual extension keywords](https://spec.openapis.org/registry/extension/) and [extension keyword namespaces](https://spec.openapis.org/registry/namespace/). Extensions are one of the best ways to prove the viability of proposed additions to the specification. It is therefore RECOMMENDED that implementations be designed for extensibility to support community experimentation. @@ -3972,8 +3972,8 @@ Two examples of this: OpenAPI description documents use JSON, YAML, and JSON Schema, and therefore share their security considerations: - [JSON](https://www.iana.org/assignments/media-types/application/json) - [YAML](https://www.iana.org/assignments/media-types/application/yaml) -- [JSON Schema Core](https://json-schema.org/draft/2020-12/json-schema-core#section-13) -- [JSON Schema Validation](https://json-schema.org/draft/2020-12/json-schema-validation#name-security-considerations) +- [JSON Schema Core](https://datatracker.ietf.org/doc/html/draft-wright-json-schema-00#section-10) +- [JSON Schema Validation](https://datatracker.ietf.org/doc/html/draft-wright-json-schema-validation-00#section-8) ### Tooling and Usage Scenarios @@ -4022,8 +4022,8 @@ However, there is no general-purpose specification for converting schema-validat Two cases do offer standards-based guidance: -* [RFC3987 §3.1](https://datatracker.ietf.org/doc/html/rfc3987#section-3.1) provides guidance for converting non-Unicode strings to UTF-8, particularly in the context of URIs (and by extension, the form media types which use the same encoding rules) -* [RFC6570 §2.3](https://www.rfc-editor.org/rfc/rfc6570#section-2.3) specifies which values, including but not limited to `null`, are considered _undefined_ and therefore treated specially in the expansion process when serializing based on that specification +* [RFC3987](https://datatracker.ietf.org/doc/html/rfc3987#section-3.1) provides guidance for converting non-Unicode strings to UTF-8, particularly in the context of URIs (and by extension, the form media types which use the same encoding rules) +* [RFC6570](https://www.rfc-editor.org/rfc/rfc6570#section-2.3) specifies which values, including but not limited to `null`, are considered _undefined_ and therefore treated specially in the expansion process when serializing based on that specification Implementations of RFC6570 often have their own conventions for converting non-string values, but these are implementation-specific and not defined by the RFC itself. This is one reason for the OpenAPI Specification to leave these conversions as implementation-defined: It allows using RFC6570 implementations regardless of how they choose to perform the conversions. @@ -4322,7 +4322,7 @@ This means that while these three characters are reserved-but-allowed in query s ### Percent-Encoding and `form-data` -[RFC7578 §2](https://datatracker.ietf.org/doc/html/rfc7578#section-2) suggests RFC3986-based percent-encoding as a mechanism to keep text-based per-part header data such as file names within the ASCII character set. +[RFC7578](https://datatracker.ietf.org/doc/html/rfc7578#section-2) suggests RFC3986-based percent-encoding as a mechanism to keep text-based per-part header data such as file names within the ASCII character set. This suggestion was not part of older (pre-2015) specifications for `form-data`, so care must be taken to ensure interoperability. The `form-data` media type allows arbitrary text or binary data in its parts, so percent-encoding is not needed and is likely to cause interoperability problems unless the `Content-Type` of the part is defined to require it. @@ -4337,9 +4337,9 @@ This specification normatively cites the following relevant standards: Specification | Date | OAS Usage | Percent-Encoding | Notes ------------- | ---- | --------- | ----- | ----- -[RFC3986 URI Generic Syntax](https://datatracker.ietf.org/doc/html/rfc3986) | 01/2005 | URI/URL syntax | RFC3986 | obsoletes RFC1738, RFC2396 -[RFC6570 URI Template](https://datatracker.ietf.org/doc/html/rfc6570) | 03/2012 | style-based serialization | RFC3986 | does not use `+` for form‑urlencoded -[RFC1866 §8.2.1 form‑urlencoded](https://datatracker.ietf.org/doc/html/rfc1866#section-8.2.1) | 11/1995 | content-based serialization | RFC1738 | obsoleted by [HTML 4.01 §17.13.4.1](https://www.w3.org/TR/html401/interact/forms.html#h-17.13.4.1), [WHATWG URL §5](https://url.spec.whatwg.org/#urlencoded-serializing) +[[RFC3986]] | 01/2005 | URI/URL syntax | [[RFC3986]] | obsoletes [[RFC1738]], [[RFC2396]] +[[RFC6570]] | 03/2012 | style-based serialization | [[RFC3986]] | does not use `+` for form‑urlencoded +[RFC1866](https://datatracker.ietf.org/doc/html/rfc1866#section-8.2.1) | 11/1995 | content-based serialization | [[RFC1738]] | obsoleted by [[HTML401]] [Section 17.13.4.1](https://www.w3.org/TR/html401/interact/forms.html#h-17.13.4.1), [[URL]] [Section 5](https://url.spec.whatwg.org/#urlencoded-serializing) Style-based serialization is used in the [Parameter Object](#parameterObject) when `schema` is present, and in the [Encoding Object](#encodingObject) when at least one of `style`, `explode`, or `allowReserved` is present. See [Appendix C](#usingRFC6570Implementations) for more details of RFC6570's two different approaches to percent-encoding, including an example involving `+`. From 50cbb049aa7677122450eafbd1b7b641500552e9 Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Mon, 29 Jul 2024 10:24:19 +0200 Subject: [PATCH 163/251] Aligned JSON Schema URLs --- versions/3.0.4.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 1b3d5a8ea1..9470e4c5fb 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -3972,8 +3972,8 @@ Two examples of this: OpenAPI description documents use JSON, YAML, and JSON Schema, and therefore share their security considerations: - [JSON](https://www.iana.org/assignments/media-types/application/json) - [YAML](https://www.iana.org/assignments/media-types/application/yaml) -- [JSON Schema Core](https://datatracker.ietf.org/doc/html/draft-wright-json-schema-00#section-10) -- [JSON Schema Validation](https://datatracker.ietf.org/doc/html/draft-wright-json-schema-validation-00#section-8) +- [JSON Schema Core](https://tools.ietf.org/html/draft-wright-json-schema-00#section-10) +- [JSON Schema Validation](https://tools.ietf.org/html/draft-wright-json-schema-validation-00#section-8) ### Tooling and Usage Scenarios @@ -4013,7 +4013,7 @@ Version | Date | Notes Serializing typed data to plain text, which can occur in `text/plain` message bodies or `multipart` parts, as well as in the `application/x-www-form-urlencoded` format in either URL query strings or message bodies, involves significant implementation- or application-defined behavior. -Schema Objects validate data based on the [JSON Schema data model](https://datatracker.ietf.org/doc/html/draft-wright-json-schema-00#section-4.2), which only recognizes four primitive data types: strings (which are [only broadly interoperable as UTF-8](https://datatracker.ietf.org/doc/html/rfc7159#section-8.1)), numbers, booleans, and `null`. +Schema Objects validate data based on the [JSON Schema data model](https://tools.ietf.org/html/draft-wright-json-schema-00#section-4.2), which only recognizes four primitive data types: strings (which are [only broadly interoperable as UTF-8](https://datatracker.ietf.org/doc/html/rfc7159#section-8.1)), numbers, booleans, and `null`. Notably, integers are not a distinct type from other numbers, with `type: integer` being a convenience defined mathematically, rather than based on the presence or absence of a decimal point in any string representation. The [Parameter Object](#parameterObject), [Header Object](#headerObject) and [Encoding Object](#encodingObject) offer features to control how to arrange values from array or object types. From 8caa6bfeecd00abf4277e51071698e030a861d2d Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Mon, 29 Jul 2024 13:38:44 +0200 Subject: [PATCH 164/251] OpenID Connect: official Specref ID --- versions/3.0.4.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 9470e4c5fb..7ea46cd269 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -3606,7 +3606,7 @@ animals: Defines a security scheme that can be used by the operations. -Supported schemes are HTTP authentication, an API key (either as a header, a cookie parameter or as a query parameter), OAuth2's common flows (implicit, password, client credentials and authorization code) as defined in [RFC6749](https://tools.ietf.org/html/rfc6749), and [[OpenID Connect Core]]. +Supported schemes are HTTP authentication, an API key (either as a header, a cookie parameter or as a query parameter), OAuth2's common flows (implicit, password, client credentials and authorization code) as defined in [RFC6749](https://tools.ietf.org/html/rfc6749), and [[OpenID-Connect-Core]]. Please note that as of 2020, the implicit flow is about to be deprecated by [OAuth 2.0 Security Best Current Practice](https://tools.ietf.org/html/draft-ietf-oauth-security-topics). Recommended for most use cases is Authorization Code Grant flow with PKCE. ##### Fixed Fields @@ -3619,7 +3619,7 @@ Field Name | Type | Applies To | Description scheme | `string` | `http` | **REQUIRED**. The name of the HTTP Authentication scheme to be used in the [Authorization header as defined in RFC7235](https://tools.ietf.org/html/rfc7235#section-5.1). The values used SHOULD be registered in the [IANA Authentication Scheme registry](https://www.iana.org/assignments/http-authschemes/http-authschemes.xhtml). The value is case-insensitive, as defined in [RFC7235](https://datatracker.ietf.org/doc/html/rfc7235#section-2.1). bearerFormat | `string` | `http` (`"bearer"`) | A hint to the client to identify how the bearer token is formatted. Bearer tokens are usually generated by an authorization server, so this information is primarily for documentation purposes. flows | [OAuth Flows Object](#oauthFlowsObject) | `oauth2` | **REQUIRED**. An object containing configuration information for the flow types supported. -openIdConnectUrl | `string` | `openIdConnect` | **REQUIRED**. [Well-known URL](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig) to discover the [[OpenID Connect Discovery]] [provider metadata](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata). +openIdConnectUrl | `string` | `openIdConnect` | **REQUIRED**. [Well-known URL](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig) to discover the [[OpenID-Connect-Discovery]] [provider metadata](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata). This object MAY be extended with [Specification Extensions](#specificationExtensions). From 431e6c0e009b2414b3154b7a3aa3f3c60632ce90 Mon Sep 17 00:00:00 2001 From: Lorna Mitchell Date: Thu, 1 Aug 2024 19:30:05 +0100 Subject: [PATCH 165/251] Run prettier to format the markdown --- versions/3.0.4.md | 1302 ++++++++++++++++++++++----------------------- 1 file changed, 644 insertions(+), 658 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 7ea46cd269..4cfe7066a3 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -17,61 +17,62 @@ For examples of OpenAPI usage and additional documentation, please visit [[?Open For extension registries and other specifications published by the OpenAPI Initiative, as well as the authoritative rendering of this specification, please visit [spec.openapis.org](https://spec.openapis.org/). ## Table of Contents + - [Definitions](#definitions) - - [OpenAPI Description](#oasDocument) - - [Path Templating](#pathTemplating) - - [Media Types](#mediaTypes) - - [HTTP Status Codes](#httpCodes) + - [OpenAPI Description](#oasDocument) + - [Path Templating](#pathTemplating) + - [Media Types](#mediaTypes) + - [HTTP Status Codes](#httpCodes) - [Specification](#specification) - - [Versions](#versions) - - [Format](#format) - - [OpenAPI Description Structure](#documentStructure) - - [Data Types](#dataTypes) - - [Rich Text Formatting](#richText) - - [Relative References In URLs](#relativeReferences) - - [Schema](#schema) - - [OpenAPI Object](#oasObject) - - [Info Object](#infoObject) - - [Contact Object](#contactObject) - - [License Object](#licenseObject) - - [Server Object](#serverObject) - - [Server Variable Object](#serverVariableObject) - - [Components Object](#componentsObject) - - [Paths Object](#pathsObject) - - [Path Item Object](#pathItemObject) - - [Operation Object](#operationObject) - - [External Documentation Object](#externalDocumentationObject) - - [Parameter Object](#parameterObject) - - [Request Body Object](#requestBodyObject) - - [Media Type Object](#mediaTypeObject) - - [Encoding Object](#encodingObject) - - [Responses Object](#responsesObject) - - [Response Object](#responseObject) - - [Callback Object](#callbackObject) - - [Example Object](#exampleObject) - - [Link Object](#linkObject) - - [Header Object](#headerObject) - - [Tag Object](#tagObject) - - [Reference Object](#referenceObject) - - [Schema Object](#schemaObject) - - [Discriminator Object](#discriminatorObject) - - [XML Object](#xmlObject) - - [Security Scheme Object](#securitySchemeObject) - - [OAuth Flows Object](#oauthFlowsObject) - - [OAuth Flow Object](#oauthFlowObject) - - [Security Requirement Object](#securityRequirementObject) - - [Specification Extensions](#specificationExtensions) - - [Security Filtering](#securityFiltering) + - [Versions](#versions) + - [Format](#format) + - [OpenAPI Description Structure](#documentStructure) + - [Data Types](#dataTypes) + - [Rich Text Formatting](#richText) + - [Relative References In URLs](#relativeReferences) + - [Schema](#schema) + - [OpenAPI Object](#oasObject) + - [Info Object](#infoObject) + - [Contact Object](#contactObject) + - [License Object](#licenseObject) + - [Server Object](#serverObject) + - [Server Variable Object](#serverVariableObject) + - [Components Object](#componentsObject) + - [Paths Object](#pathsObject) + - [Path Item Object](#pathItemObject) + - [Operation Object](#operationObject) + - [External Documentation Object](#externalDocumentationObject) + - [Parameter Object](#parameterObject) + - [Request Body Object](#requestBodyObject) + - [Media Type Object](#mediaTypeObject) + - [Encoding Object](#encodingObject) + - [Responses Object](#responsesObject) + - [Response Object](#responseObject) + - [Callback Object](#callbackObject) + - [Example Object](#exampleObject) + - [Link Object](#linkObject) + - [Header Object](#headerObject) + - [Tag Object](#tagObject) + - [Reference Object](#referenceObject) + - [Schema Object](#schemaObject) + - [Discriminator Object](#discriminatorObject) + - [XML Object](#xmlObject) + - [Security Scheme Object](#securitySchemeObject) + - [OAuth Flows Object](#oauthFlowsObject) + - [OAuth Flow Object](#oauthFlowObject) + - [Security Requirement Object](#securityRequirementObject) + - [Specification Extensions](#specificationExtensions) + - [Security Filtering](#securityFiltering) - [Appendix A: Revision History](#revisionHistory) - ## Definitions ##### OpenAPI Description + An OpenAPI Description (OAD) formally describes the surface of an API and its semantics. It is composed of an [entry document](#documentStructure) and any/all of its referenced documents. An OAD uses and conforms to the OpenAPI Specification. ##### Schema @@ -81,15 +82,18 @@ This document serves as the [schema](#schema) for the OpenAPI Specification form This specification also _uses_ schemas in the form of the [Schema Object](#schemaObject). ##### Path Templating + Path templating refers to the usage of template expressions, delimited by curly braces (`{}`), to mark a section of a URL path as replaceable using path parameters. Each template expression in the path MUST correspond to a path parameter that is included in the [Path Item](#path-item-object) itself and/or in each of the Path Item's [Operations](#operation-object). ##### Media Types + Media type definitions are spread across several resources. The media type definitions SHOULD be in compliance with [RFC6838](https://tools.ietf.org/html/rfc6838). Some examples of possible media type definitions: + ``` text/plain; charset=utf-8 application/json @@ -102,8 +106,10 @@ Some examples of possible media type definitions: application/vnd.github.v3.diff application/vnd.github.v3.patch ``` + ##### HTTP Status Codes -The HTTP Status Codes are used to indicate the status of the executed operation. + +The HTTP Status Codes are used to indicate the status of the executed operation. Status codes SHOULD be selected from the available status codes registered in the [IANA Status Code Registry](https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml). ##### HTTP and Case Sensitivity @@ -128,7 +134,7 @@ Unlike undefined behavior, it is safe to rely on implementation-defined behavior ### Versions -The OpenAPI Specification is versioned using a `major`.`minor`.`patch` versioning scheme. The `major`.`minor` portion of the version string (for example `3.1`) SHALL designate the OAS feature set. *`.patch`* versions address errors in, or provide clarifications to, this document, not the feature set. Tooling which supports OAS 3.1 SHOULD be compatible with all OAS 3.1.\* versions. The patch version SHOULD NOT be considered by tooling, making no distinction between `3.1.0` and `3.1.1` for example. +The OpenAPI Specification is versioned using a `major`.`minor`.`patch` versioning scheme. The `major`.`minor` portion of the version string (for example `3.1`) SHALL designate the OAS feature set. _`.patch`_ versions address errors in, or provide clarifications to, this document, not the feature set. Tooling which supports OAS 3.1 SHOULD be compatible with all OAS 3.1.\* versions. The patch version SHOULD NOT be considered by tooling, making no distinction between `3.1.0` and `3.1.1` for example. Occasionally, non-backwards compatible changes may be made in `minor` versions of the OAS where impact is believed to be low relative to the benefit provided. @@ -145,12 +151,13 @@ For example, if a field has an array value, the JSON array representation will b "field": [1, 2, 3] } ``` + All field names in the specification are **case sensitive**. This includes all fields that are used as keys in a map, except where explicitly noted that keys are **case insensitive**. The [schema](#schema) exposes two types of fields: Fixed fields, which have a declared name, and Patterned fields, which declare a regex pattern for the field name. -Patterned fields MUST have unique names within the containing object. +Patterned fields MUST have unique names within the containing object. In order to preserve the ability to round-trip between YAML and JSON formats, YAML version [1.2](https://yaml.org/spec/1.2/spec.html) is RECOMMENDED along with some additional constraints: @@ -170,13 +177,13 @@ It is RECOMMENDED that the entry OpenAPI document be named: `openapi.json` or `o #### Structural Interoperability -When parsing an OAD, JSON or YAML objects are parsed into specific Objects (such as [Operation Objects](#operationObject), [Response Objects](#responseObject), [Reference Objects](#referenceObject), etc.) based on the parsing context. Depending on how references are arranged, a given JSON or YAML object can be parsed in multiple different contexts: +When parsing an OAD, JSON or YAML objects are parsed into specific Objects (such as [Operation Objects](#operationObject), [Response Objects](#responseObject), [Reference Objects](#referenceObject), etc.) based on the parsing context. Depending on how references are arranged, a given JSON or YAML object can be parsed in multiple different contexts: -* As a complete OpenAPI Description document -* As the Object type implied by its parent Object within the document -* As a reference target, with the Object type matching the reference source's context +- As a complete OpenAPI Description document +- As the Object type implied by its parent Object within the document +- As a reference target, with the Object type matching the reference source's context -If the same JSON/YAML object is parsed multiple times and the respective contexts require it to be parsed as _different_ Object types, the resulting behavior is _implementation defined_, and MAY be treated as an error if detected. An example would be referencing an empty Schema Object under `#/components/schemas` where a Path Item Object is expected, as an empty object is valid for both types. For maximum interoperability, it is RECOMMENDED that OpenAPI Description authors avoid such scenarios. +If the same JSON/YAML object is parsed multiple times and the respective contexts require it to be parsed as _different_ Object types, the resulting behavior is _implementation defined_, and MAY be treated as an error if detected. An example would be referencing an empty Schema Object under `#/components/schemas` where a Path Item Object is expected, as an empty object is valid for both types. For maximum interoperability, it is RECOMMENDED that OpenAPI Description authors avoid such scenarios. #### Resolving Implicit Connections @@ -185,12 +192,12 @@ Several features of this specification require resolution of non-URI-based conne These connections are unambiguously resolved in single-document OADs, but the resolution process in multi-document OADs is _implementation-defined_, within the constraints described in this section. In some cases, an unambiguous URI-based alternative is available, and OAD authors are RECOMMENDED to always use the alternative: -Source | Target | Alternative ------- | ------ | ----------- -[Security Requirement Object](#securityRequirementObject) `{name}` | [Security Scheme Object](#securitySchemeObject) name under the [Components Object](#componentsObject) | _n/a_ -[Discriminator Object](#discriminatorObject) `mapping` _(implicit, or explicit name syntax)_ | [Schema Object](#schemaObject) name under the Components Object | `mapping` _(explicit URI syntax)_ -[Operation Object](#operationObject) `tags` | [Tag Object](#tagObject) `name` (in the Components Object) | _n/a_ -[Link Object](#linkObject) `operationId` | [Path Item Object](#pathItemObject) `operationId` | `operationRef` +| Source | Target | Alternative | +| -------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | --------------------------------- | +| [Security Requirement Object](#securityRequirementObject) `{name}` | [Security Scheme Object](#securitySchemeObject) name under the [Components Object](#componentsObject) | _n/a_ | +| [Discriminator Object](#discriminatorObject) `mapping` _(implicit, or explicit name syntax)_ | [Schema Object](#schemaObject) name under the Components Object | `mapping` _(explicit URI syntax)_ | +| [Operation Object](#operationObject) `tags` | [Tag Object](#tagObject) `name` (in the Components Object) | _n/a_ | +| [Link Object](#linkObject) `operationId` | [Path Item Object](#pathItemObject) `operationId` | `operationRef` | A fifth implicit connection involves appending the templated URL paths of the [Paths Object](#pathsObject) to the appropriate [Server Object](#serverObject)'s `url` field. This is unambiguous because only the entry document's Paths Object contributes URLs to the described API. @@ -219,7 +226,7 @@ Note that no aspect of implicit connection resolution changes how [URLs are reso ### Data Types Data types in the OAS are based on the types supported by the [JSON Schema Specification Wright Draft 00](https://tools.ietf.org/html/draft-wright-json-schema-00#section-4.2). -Note that `integer` as a type is also supported and is defined as a JSON number without a fraction or exponent part. +Note that `integer` as a type is also supported and is defined as a JSON number without a fraction or exponent part. `null` is not supported as a type (see [`nullable`](#schemaNullable) for an alternative solution). Models are defined using the [Schema Object](#schemaObject), which is an extended subset of JSON Schema Specification Wright Draft 00. @@ -227,43 +234,43 @@ Models are defined using the [Schema Object](#schemaObject), which is an extende OAS uses several known formats to define in fine detail the data type being used. However, to support documentation needs, the `format` property is an open `string`-valued property, and can have any value. Formats such as `"email"`, `"uuid"`, and so on, MAY be used even though they are not defined by this specification. -The OpenAPI Initiative also hosts a [Format Registry](https://spec.openapis.org/registry/format/) for formats defined by OAS users and other specifications. Support for any registered format is strictly OPTIONAL, and support for one registered format does not imply support for any others. +The OpenAPI Initiative also hosts a [Format Registry](https://spec.openapis.org/registry/format/) for formats defined by OAS users and other specifications. Support for any registered format is strictly OPTIONAL, and support for one registered format does not imply support for any others. Types that are not accompanied by a `format` property follow the type definition in the JSON Schema. Tools that do not recognize a specific `format` MAY default back to the `type` alone, as if the `format` is not specified. The formats defined by the OAS are: -[`type`](#dataTypes) | [`format`](#dataTypeFormat) | Comments ------- | -------- | -------- -`integer` | `int32` | signed 32 bits -`integer` | `int64` | signed 64 bits (a.k.a long) -`number` | `float` | | -`number` | `double` | | -`string` | `byte` | base64 encoded characters - [RFC4648](https://www.rfc-editor.org/rfc/rfc4648#section-4) -`string` | `binary` | any sequence of octets -`string` | `date` | As defined by `full-date` - [RFC3339](https://www.rfc-editor.org/rfc/rfc3339#section-5.6) -`string` | `date-time` | As defined by `date-time` - [RFC3339](https://www.rfc-editor.org/rfc/rfc3339#section-5.6) -`string` | `password` | A hint to obscure the value. +| [`type`](#dataTypes) | [`format`](#dataTypeFormat) | Comments | +| -------------------- | --------------------------- | ----------------------------------------------------------------------------------------- | +| `integer` | `int32` | signed 32 bits | +| `integer` | `int64` | signed 64 bits (a.k.a long) | +| `number` | `float` | | +| `number` | `double` | | +| `string` | `byte` | base64 encoded characters - [RFC4648](https://www.rfc-editor.org/rfc/rfc4648#section-4) | +| `string` | `binary` | any sequence of octets | +| `string` | `date` | As defined by `full-date` - [RFC3339](https://www.rfc-editor.org/rfc/rfc3339#section-5.6) | +| `string` | `date-time` | As defined by `date-time` - [RFC3339](https://www.rfc-editor.org/rfc/rfc3339#section-5.6) | +| `string` | `password` | A hint to obscure the value. | #### Working With Binary Data Two formats, `binary` and `byte`, describe different ways to work with binary data: -* `binary` is used where unencoded binary data is allowed, such as when sending a binary payload as an HTTP message body, or as part of a `multipart/*` payload that allows binary parts -* `byte` is used where binary data is embedded in a text-only format such as `application/json` or `application/x-www-form-urlencoded` +- `binary` is used where unencoded binary data is allowed, such as when sending a binary payload as an HTTP message body, or as part of a `multipart/*` payload that allows binary parts +- `byte` is used where binary data is embedded in a text-only format such as `application/json` or `application/x-www-form-urlencoded` -The `maxLength` keyword MAY be used to set an expected upper bound on the length of a streaming payload. The keyword can be applied to either string data, including encoded binary data, or to unencoded binary data. For unencoded binary, the length is the number of octets. +The `maxLength` keyword MAY be used to set an expected upper bound on the length of a streaming payload. The keyword can be applied to either string data, including encoded binary data, or to unencoded binary data. For unencoded binary, the length is the number of octets. Note that the encoding indicated by `byte`, which inflates the size of data in order to represent it as 7-bit ASCII text, is unrelated to HTTP's `Content-Encoding` header, which indicates whether and how a message body has been compressed. ### Rich Text Formatting + Throughout the specification `description` fields are noted as supporting CommonMark markdown formatting. -Where OpenAPI tooling renders rich text it MUST support, at a minimum, markdown syntax as described by [CommonMark 0.27](https://spec.commonmark.org/0.27/). Tooling MAY choose to ignore some CommonMark or extension features to address security concerns. +Where OpenAPI tooling renders rich text it MUST support, at a minimum, markdown syntax as described by [CommonMark 0.27](https://spec.commonmark.org/0.27/). Tooling MAY choose to ignore some CommonMark or extension features to address security concerns. While the framing of CommonMark 0.27 as a minimum requirement means that tooling MAY choose to implement extensions on top of it, note that any such extensions are by definition implementation-defined and will not be interoperable. OpenAPI Description authors SHOULD consider how text using such extensions will be rendered by tools that offer only the minimum support. - ### Relative References in URLs Unless specified otherwise, all properties that are URLs MAY be relative references as defined by [RFC3986](https://tools.ietf.org/html/rfc3986#section-4.2). @@ -288,16 +295,16 @@ This is the root object of the [OpenAPI document](#oasDocument). ##### Fixed Fields -Field Name | Type | Description ----|:---:|--- -openapi | `string` | **REQUIRED**. This string MUST be the [version number](#versions) of the OpenAPI Specification that the OpenAPI document uses. The `openapi` field SHOULD be used by tooling to interpret the OpenAPI document. This is *not* related to the API [`info.version`](#infoVersion) string. -info | [Info Object](#infoObject) | **REQUIRED**. Provides metadata about the API. The metadata MAY be used by tooling as required. -servers | [[Server Object](#serverObject)] | An array of Server Objects, which provide connectivity information to a target server. If the `servers` property is not provided, or is an empty array, the default value would be a [Server Object](#serverObject) with a [url](#serverUrl) value of `/`. -paths | [Paths Object](#pathsObject) | **REQUIRED**. The available paths and operations for the API. -components | [Components Object](#componentsObject) | An element to hold various schemas for the document. -security | [[Security Requirement Object](#securityRequirementObject)] | A declaration of which security mechanisms can be used across the API. The list of values includes alternative security requirement objects that can be used. Only one of the security requirement objects need to be satisfied to authorize a request. Individual operations can override this definition. To make security optional, an empty security requirement (`{}`) can be included in the array. -tags | [[Tag Object](#tagObject)] | A list of tags used by the document with additional metadata. The order of the tags can be used to reflect on their order by the parsing tools. Not all tags that are used by the [Operation Object](#operationObject) must be declared. The tags that are not declared MAY be organized randomly or based on the tools' logic. Each tag name in the list MUST be unique. -externalDocs | [External Documentation Object](#externalDocumentationObject) | Additional external documentation. +| Field Name | Type | Description | +| ------------------------------------------ | :-----------------------------------------------------------: | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| openapi | `string` | **REQUIRED**. This string MUST be the [version number](#versions) of the OpenAPI Specification that the OpenAPI document uses. The `openapi` field SHOULD be used by tooling to interpret the OpenAPI document. This is _not_ related to the API [`info.version`](#infoVersion) string. | +| info | [Info Object](#infoObject) | **REQUIRED**. Provides metadata about the API. The metadata MAY be used by tooling as required. | +| servers | [[Server Object](#serverObject)] | An array of Server Objects, which provide connectivity information to a target server. If the `servers` property is not provided, or is an empty array, the default value would be a [Server Object](#serverObject) with a [url](#serverUrl) value of `/`. | +| paths | [Paths Object](#pathsObject) | **REQUIRED**. The available paths and operations for the API. | +| components | [Components Object](#componentsObject) | An element to hold various schemas for the document. | +| security | [[Security Requirement Object](#securityRequirementObject)] | A declaration of which security mechanisms can be used across the API. The list of values includes alternative security requirement objects that can be used. Only one of the security requirement objects need to be satisfied to authorize a request. Individual operations can override this definition. To make security optional, an empty security requirement (`{}`) can be included in the array. | +| tags | [[Tag Object](#tagObject)] | A list of tags used by the document with additional metadata. The order of the tags can be used to reflect on their order by the parsing tools. Not all tags that are used by the [Operation Object](#operationObject) must be declared. The tags that are not declared MAY be organized randomly or based on the tools' logic. Each tag name in the list MUST be unique. | +| externalDocs | [External Documentation Object](#externalDocumentationObject) | Additional external documentation. | This object MAY be extended with [Specification Extensions](#specificationExtensions). @@ -308,15 +315,14 @@ The metadata MAY be used by the clients if needed, and MAY be presented in editi ##### Fixed Fields -Field Name | Type | Description ----|:---:|--- -title | `string` | **REQUIRED**. The title of the API. -description | `string` | A description of the API. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. -termsOfService | `string` | A URL for the Terms of Service for the API. This MUST be in the form of a URL. -contact | [Contact Object](#contactObject) | The contact information for the exposed API. -license | [License Object](#licenseObject) | The license information for the exposed API. -version | `string` | **REQUIRED**. The version of the OpenAPI document (which is distinct from the [OpenAPI Specification version](#oasVersion) or the version of the API being described). - +| Field Name | Type | Description | +| ----------------------------------------------- | :------------------------------: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| title | `string` | **REQUIRED**. The title of the API. | +| description | `string` | A description of the API. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| termsOfService | `string` | A URL for the Terms of Service for the API. This MUST be in the form of a URL. | +| contact | [Contact Object](#contactObject) | The contact information for the exposed API. | +| license | [License Object](#licenseObject) | The license information for the exposed API. | +| version | `string` | **REQUIRED**. The version of the OpenAPI document (which is distinct from the [OpenAPI Specification version](#oasVersion) or the version of the API being described). | This object MAY be extended with [Specification Extensions](#specificationExtensions). @@ -360,11 +366,11 @@ Contact information for the exposed API. ##### Fixed Fields -Field Name | Type | Description ----|:---:|--- -name | `string` | The identifying name of the contact person/organization. -url | `string` | The URL for the contact information. This MUST be in the form of a URL. -email | `string` | The email address of the contact person/organization. This MUST be in the form of an email address. +| Field Name | Type | Description | +| -------------------------------- | :------: | --------------------------------------------------------------------------------------------------- | +| name | `string` | The identifying name of the contact person/organization. | +| url | `string` | The URL for the contact information. This MUST be in the form of a URL. | +| email | `string` | The email address of the contact person/organization. This MUST be in the form of an email address. | This object MAY be extended with [Specification Extensions](#specificationExtensions). @@ -390,10 +396,10 @@ License information for the exposed API. ##### Fixed Fields -Field Name | Type | Description ----|:---:|--- -name | `string` | **REQUIRED**. The license name used for the API. -url | `string` | A URL for the license used for the API. This MUST be in the form of a URL. +| Field Name | Type | Description | +| ------------------------------ | :------: | -------------------------------------------------------------------------- | +| name | `string` | **REQUIRED**. The license name used for the API. | +| url | `string` | A URL for the license used for the API. This MUST be in the form of a URL. | This object MAY be extended with [Specification Extensions](#specificationExtensions). @@ -417,11 +423,11 @@ An object representing a Server. ##### Fixed Fields -Field Name | Type | Description ----|:---:|--- -url | `string` | **REQUIRED**. A URL to the target host. This URL supports Server Variables and MAY be relative, to indicate that the host location is relative to the location where the OpenAPI document is being served. Variable substitutions will be made when a variable is named in `{`brackets`}`. -description | `string` | An optional string describing the host designated by the URL. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. -variables | Map[`string`, [Server Variable Object](#serverVariableObject)] | A map between a variable name and its value. The value is used for substitution in the server's URL template. +| Field Name | Type | Description | +| ------------------------------------------- | :------------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| url | `string` | **REQUIRED**. A URL to the target host. This URL supports Server Variables and MAY be relative, to indicate that the host location is relative to the location where the OpenAPI document is being served. Variable substitutions will be made when a variable is named in `{`brackets`}`. | +| description | `string` | An optional string describing the host designated by the URL. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| variables | Map[`string`, [Server Variable Object](#serverVariableObject)] | A map between a variable name and its value. The value is used for substitution in the server's URL template. | This object MAY be extended with [Specification Extensions](#specificationExtensions). @@ -464,12 +470,12 @@ The following shows how multiple servers can be described, for example, at the O ```yaml servers: -- url: https://development.gigantic-server.com/v1 - description: Development server -- url: https://staging.gigantic-server.com/v1 - description: Staging server -- url: https://api.gigantic-server.com/v1 - description: Production server + - url: https://development.gigantic-server.com/v1 + description: Development server + - url: https://staging.gigantic-server.com/v1 + description: Staging server + - url: https://api.gigantic-server.com/v1 + description: Production server ``` The following shows how variables can be used for a server configuration: @@ -486,10 +492,7 @@ The following shows how variables can be used for a server configuration: "description": "this value is assigned by the service provider, in this example `gigantic-server.com`" }, "port": { - "enum": [ - "8443", - "443" - ], + "enum": ["8443", "443"], "default": "8443" }, "basePath": { @@ -503,35 +506,34 @@ The following shows how variables can be used for a server configuration: ```yaml servers: -- url: https://{username}.gigantic-server.com:{port}/{basePath} - description: The production API server - variables: - username: - # note! no enum here means it is an open value - default: demo - description: this value is assigned by the service provider, in this example `gigantic-server.com` - port: - enum: - - '8443' - - '443' - default: '8443' - basePath: - # open meaning there is the opportunity to use special base paths as assigned by the provider, default is `v2` - default: v2 + - url: https://{username}.gigantic-server.com:{port}/{basePath} + description: The production API server + variables: + username: + # note! no enum here means it is an open value + default: demo + description: this value is assigned by the service provider, in this example `gigantic-server.com` + port: + enum: + - '8443' + - '443' + default: '8443' + basePath: + # open meaning there is the opportunity to use special base paths as assigned by the provider, default is `v2` + default: v2 ``` - #### Server Variable Object An object representing a Server Variable for server URL template substitution. ##### Fixed Fields -Field Name | Type | Description ----|:---:|--- -enum | [`string`] | An enumeration of string values to be used if the substitution options are from a limited set. The array SHOULD NOT be empty. -default | `string` | **REQUIRED**. The default value to use for substitution, which SHALL be sent if an alternate value is _not_ supplied. Note this behavior is different than the [Schema Object's](#schemaObject) treatment of default values, because in those cases parameter values are optional. If the [`enum`](#serverVariableEnum) is defined, the value SHOULD exist in the enum's values. -description | `string` | An optional description for the server variable. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. +| Field Name | Type | Description | +| --------------------------------------------------- | :--------: | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| enum | [`string`] | An enumeration of string values to be used if the substitution options are from a limited set. The array SHOULD NOT be empty. | +| default | `string` | **REQUIRED**. The default value to use for substitution, which SHALL be sent if an alternate value is _not_ supplied. Note this behavior is different than the [Schema Object's](#schemaObject) treatment of default values, because in those cases parameter values are optional. If the [`enum`](#serverVariableEnum) is defined, the value SHOULD exist in the enum's values. | +| description | `string` | An optional description for the server variable. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | This object MAY be extended with [Specification Extensions](#specificationExtensions). @@ -540,20 +542,19 @@ This object MAY be extended with [Specification Extensions](#specificationExtens Holds a set of reusable objects for different aspects of the OAS. All objects defined within the components object will have no effect on the API unless they are explicitly referenced from properties outside the components object. - ##### Fixed Fields -Field Name | Type | Description ----|:---|--- - schemas | Map[`string`, [Schema Object](#schemaObject) \| [Reference Object](#referenceObject)] | An object to hold reusable [Schema Objects](#schemaObject). - responses | Map[`string`, [Response Object](#responseObject) \| [Reference Object](#referenceObject)] | An object to hold reusable [Response Objects](#responseObject). - parameters | Map[`string`, [Parameter Object](#parameterObject) \| [Reference Object](#referenceObject)] | An object to hold reusable [Parameter Objects](#parameterObject). - examples | Map[`string`, [Example Object](#exampleObject) \| [Reference Object](#referenceObject)] | An object to hold reusable [Example Objects](#exampleObject). - requestBodies | Map[`string`, [Request Body Object](#requestBodyObject) \| [Reference Object](#referenceObject)] | An object to hold reusable [Request Body Objects](#requestBodyObject). - headers | Map[`string`, [Header Object](#headerObject) \| [Reference Object](#referenceObject)] | An object to hold reusable [Header Objects](#headerObject). - securitySchemes| Map[`string`, [Security Scheme Object](#securitySchemeObject) \| [Reference Object](#referenceObject)] | An object to hold reusable [Security Scheme Objects](#securitySchemeObject). - links | Map[`string`, [Link Object](#linkObject) \| [Reference Object](#referenceObject)] | An object to hold reusable [Link Objects](#linkObject). - callbacks | Map[`string`, [Callback Object](#callbackObject) \| [Reference Object](#referenceObject)] | An object to hold reusable [Callback Objects](#callbackObject). +| Field Name | Type | Description | +| -------------------------------------------------------- | :----------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------- | +| schemas | Map[`string`, [Schema Object](#schemaObject) \| [Reference Object](#referenceObject)] | An object to hold reusable [Schema Objects](#schemaObject). | +| responses | Map[`string`, [Response Object](#responseObject) \| [Reference Object](#referenceObject)] | An object to hold reusable [Response Objects](#responseObject). | +| parameters | Map[`string`, [Parameter Object](#parameterObject) \| [Reference Object](#referenceObject)] | An object to hold reusable [Parameter Objects](#parameterObject). | +| examples | Map[`string`, [Example Object](#exampleObject) \| [Reference Object](#referenceObject)] | An object to hold reusable [Example Objects](#exampleObject). | +| requestBodies | Map[`string`, [Request Body Object](#requestBodyObject) \| [Reference Object](#referenceObject)] | An object to hold reusable [Request Body Objects](#requestBodyObject). | +| headers | Map[`string`, [Header Object](#headerObject) \| [Reference Object](#referenceObject)] | An object to hold reusable [Header Objects](#headerObject). | +| securitySchemes | Map[`string`, [Security Scheme Object](#securitySchemeObject) \| [Reference Object](#referenceObject)] | An object to hold reusable [Security Scheme Objects](#securitySchemeObject). | +| links | Map[`string`, [Link Object](#linkObject) \| [Reference Object](#referenceObject)] | An object to hold reusable [Link Objects](#linkObject). | +| callbacks | Map[`string`, [Callback Object](#callbackObject) \| [Reference Object](#referenceObject)] | An object to hold reusable [Callback Objects](#callbackObject). | This object MAY be extended with [Specification Extensions](#specificationExtensions). @@ -746,13 +747,13 @@ components: #### Paths Object Holds the relative paths to the individual endpoints and their operations. -The path is appended to the URL from the [Server Object](#serverObject) in order to construct the full URL. The Paths Object MAY be empty, due to [Access Control List (ACL) constraints](#securityFiltering). +The path is appended to the URL from the [Server Object](#serverObject) in order to construct the full URL. The Paths Object MAY be empty, due to [Access Control List (ACL) constraints](#securityFiltering). ##### Patterned Fields -Field Pattern | Type | Description ----|:---:|--- -/{path} | [Path Item Object](#pathItemObject) | A relative path to an individual endpoint. The field name MUST begin with a forward slash (`/`). The path is **appended** (no relative URL resolution) to the expanded URL from the [Server Object](#serverObject)'s `url` field in order to construct the full URL. [Path templating](#pathTemplating) is allowed. When matching URLs, concrete (non-templated) paths would be matched before their templated counterparts. Templated paths with the same hierarchy but different templated names MUST NOT exist as they are identical. In case of ambiguous matching, it's up to the tooling to decide which one to use. +| Field Pattern | Type | Description | +| ------------------------------- | :---------------------------------: | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| /{path} | [Path Item Object](#pathItemObject) | A relative path to an individual endpoint. The field name MUST begin with a forward slash (`/`). The path is **appended** (no relative URL resolution) to the expanded URL from the [Server Object](#serverObject)'s `url` field in order to construct the full URL. [Path templating](#pathTemplating) is allowed. When matching URLs, concrete (non-templated) paths would be matched before their templated counterparts. Templated paths with the same hierarchy but different templated names MUST NOT exist as they are identical. In case of ambiguous matching, it's up to the tooling to decide which one to use. | This object MAY be extended with [Specification Extensions](#specificationExtensions). @@ -829,22 +830,21 @@ The path itself is still exposed to the documentation viewer but they will not k ##### Fixed Fields -Field Name | Type | Description ----|:---:|--- -$ref | `string` | Allows for a referenced definition of this path item. The value MUST be in the form of a URL, and the referenced structure MUST be in the form of a [Path Item Object](#pathItemObject). In case a Path Item Object field appears both in the defined object and the referenced object, the behavior is undefined. See the rules for resolving [Relative References](#relativeReferences). -summary| `string` | An optional string summary, intended to apply to all operations in this path. -description | `string` | An optional string description, intended to apply to all operations in this path. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. -get | [Operation Object](#operationObject) | A definition of a GET operation on this path. -put | [Operation Object](#operationObject) | A definition of a PUT operation on this path. -post | [Operation Object](#operationObject) | A definition of a POST operation on this path. -delete | [Operation Object](#operationObject) | A definition of a DELETE operation on this path. -options | [Operation Object](#operationObject) | A definition of a OPTIONS operation on this path. -head | [Operation Object](#operationObject) | A definition of a HEAD operation on this path. -patch | [Operation Object](#operationObject) | A definition of a PATCH operation on this path. -trace | [Operation Object](#operationObject) | A definition of a TRACE operation on this path. -servers | [[Server Object](#serverObject)] | An alternative `server` array to service all operations in this path. If an alternative server object is specified at the Root level, it will be overridden by this value. -parameters | [[Parameter Object](#parameterObject) \| [Reference Object](#referenceObject)] | A list of parameters that are applicable for all the operations described under this path. These parameters can be overridden at the operation level, but cannot be removed there. The list MUST NOT include duplicated parameters. A unique parameter is defined by a combination of a [name](#parameterName) and [location](#parameterIn). The list can use the [Reference Object](#referenceObject) to link to parameters that are defined at the [OpenAPI Object's components/parameters](#componentsParameters). - +| Field Name | Type | Description | +| --------------------------------------------- | :----------------------------------------------------------------------------: | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| $ref | `string` | Allows for a referenced definition of this path item. The value MUST be in the form of a URL, and the referenced structure MUST be in the form of a [Path Item Object](#pathItemObject). In case a Path Item Object field appears both in the defined object and the referenced object, the behavior is undefined. See the rules for resolving [Relative References](#relativeReferences). | +| summary | `string` | An optional string summary, intended to apply to all operations in this path. | +| description | `string` | An optional string description, intended to apply to all operations in this path. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| get | [Operation Object](#operationObject) | A definition of a GET operation on this path. | +| put | [Operation Object](#operationObject) | A definition of a PUT operation on this path. | +| post | [Operation Object](#operationObject) | A definition of a POST operation on this path. | +| delete | [Operation Object](#operationObject) | A definition of a DELETE operation on this path. | +| options | [Operation Object](#operationObject) | A definition of a OPTIONS operation on this path. | +| head | [Operation Object](#operationObject) | A definition of a HEAD operation on this path. | +| patch | [Operation Object](#operationObject) | A definition of a PATCH operation on this path. | +| trace | [Operation Object](#operationObject) | A definition of a TRACE operation on this path. | +| servers | [[Server Object](#serverObject)] | An alternative `server` array to service all operations in this path. If an alternative server object is specified at the Root level, it will be overridden by this value. | +| parameters | [[Parameter Object](#parameterObject) \| [Reference Object](#referenceObject)] | A list of parameters that are applicable for all the operations described under this path. These parameters can be overridden at the operation level, but cannot be removed there. The list MUST NOT include duplicated parameters. A unique parameter is defined by a combination of a [name](#parameterName) and [location](#parameterIn). The list can use the [Reference Object](#referenceObject) to link to parameters that are defined at the [OpenAPI Object's components/parameters](#componentsParameters). | This object MAY be extended with [Specification Extensions](#specificationExtensions). @@ -921,15 +921,15 @@ get: schema: $ref: '#/components/schemas/ErrorModel' parameters: -- name: id - in: path - description: ID of pet to use - required: true - schema: - type: array - items: - type: string - style: simple + - name: id + in: path + description: ID of pet to use + required: true + schema: + type: array + items: + type: string + style: simple ``` #### Operation Object @@ -938,20 +938,20 @@ Describes a single API operation on a path. ##### Fixed Fields -Field Name | Type | Description ----|:---:|--- -tags | [`string`] | A list of tags for API documentation control. Tags can be used for logical grouping of operations by resources or any other qualifier. -summary | `string` | A short summary of what the operation does. -description | `string` | A verbose explanation of the operation behavior. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. -externalDocs | [External Documentation Object](#externalDocumentationObject) | Additional external documentation for this operation. -operationId | `string` | Unique string used to identify the operation. The id MUST be unique among all operations described in the API. The operationId value is **case-sensitive**. Tools and libraries MAY use the operationId to uniquely identify an operation, therefore, it is RECOMMENDED to follow common programming naming conventions. -parameters | [[Parameter Object](#parameterObject) \| [Reference Object](#referenceObject)] | A list of parameters that are applicable for this operation. If a parameter is already defined at the [Path Item](#pathItemParameters), the new definition will override it but can never remove it. The list MUST NOT include duplicated parameters. A unique parameter is defined by a combination of a [name](#parameterName) and [location](#parameterIn). The list can use the [Reference Object](#referenceObject) to link to parameters that are defined at the [OpenAPI Object's components/parameters](#componentsParameters). -requestBody | [Request Body Object](#requestBodyObject) \| [Reference Object](#referenceObject) | The request body applicable for this operation. The `requestBody` is only supported in HTTP methods where the HTTP 1.1 specification [RFC7231](https://tools.ietf.org/html/rfc7231#section-4.3.1) has explicitly defined semantics for request bodies. In other cases where the HTTP spec is vague (such as [GET](https://tools.ietf.org/html/rfc7231#section-4.3.1), [HEAD](https://tools.ietf.org/html/rfc7231#section-4.3.2) and [DELETE](https://tools.ietf.org/html/rfc7231#section-4.3.5)), `requestBody` SHALL be ignored by consumers. -responses | [Responses Object](#responsesObject) | **REQUIRED**. The list of possible responses as they are returned from executing this operation. -callbacks | Map[`string`, [Callback Object](#callbackObject) \| [Reference Object](#referenceObject)] | A map of possible out-of band callbacks related to the parent operation. The key is a unique identifier for the Callback Object. Each value in the map is a [Callback Object](#callbackObject) that describes a request that may be initiated by the API provider and the expected responses. -deprecated | `boolean` | Declares this operation to be deprecated. Consumers SHOULD refrain from usage of the declared operation. Default value is `false`. -security | [[Security Requirement Object](#securityRequirementObject)] | A declaration of which security mechanisms can be used for this operation. The list of values includes alternative security requirement objects that can be used. Only one of the security requirement objects need to be satisfied to authorize a request. To make security optional, an empty security requirement (`{}`) can be included in the array. This definition overrides any declared top-level [`security`](#oasSecurity). To remove a top-level security declaration, an empty array can be used. -servers | [[Server Object](#serverObject)] | An alternative `server` array to service this operation. If an alternative `server` object is specified at the Path Item Object or Root level, it will be overridden by this value. +| Field Name | Type | Description | +| ------------------------------------------------ | :---------------------------------------------------------------------------------------: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| tags | [`string`] | A list of tags for API documentation control. Tags can be used for logical grouping of operations by resources or any other qualifier. | +| summary | `string` | A short summary of what the operation does. | +| description | `string` | A verbose explanation of the operation behavior. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| externalDocs | [External Documentation Object](#externalDocumentationObject) | Additional external documentation for this operation. | +| operationId | `string` | Unique string used to identify the operation. The id MUST be unique among all operations described in the API. The operationId value is **case-sensitive**. Tools and libraries MAY use the operationId to uniquely identify an operation, therefore, it is RECOMMENDED to follow common programming naming conventions. | +| parameters | [[Parameter Object](#parameterObject) \| [Reference Object](#referenceObject)] | A list of parameters that are applicable for this operation. If a parameter is already defined at the [Path Item](#pathItemParameters), the new definition will override it but can never remove it. The list MUST NOT include duplicated parameters. A unique parameter is defined by a combination of a [name](#parameterName) and [location](#parameterIn). The list can use the [Reference Object](#referenceObject) to link to parameters that are defined at the [OpenAPI Object's components/parameters](#componentsParameters). | +| requestBody | [Request Body Object](#requestBodyObject) \| [Reference Object](#referenceObject) | The request body applicable for this operation. The `requestBody` is only supported in HTTP methods where the HTTP 1.1 specification [RFC7231](https://tools.ietf.org/html/rfc7231#section-4.3.1) has explicitly defined semantics for request bodies. In other cases where the HTTP spec is vague (such as [GET](https://tools.ietf.org/html/rfc7231#section-4.3.1), [HEAD](https://tools.ietf.org/html/rfc7231#section-4.3.2) and [DELETE](https://tools.ietf.org/html/rfc7231#section-4.3.5)), `requestBody` SHALL be ignored by consumers. | +| responses | [Responses Object](#responsesObject) | **REQUIRED**. The list of possible responses as they are returned from executing this operation. | +| callbacks | Map[`string`, [Callback Object](#callbackObject) \| [Reference Object](#referenceObject)] | A map of possible out-of band callbacks related to the parent operation. The key is a unique identifier for the Callback Object. Each value in the map is a [Callback Object](#callbackObject) that describes a request that may be initiated by the API provider and the expected responses. | +| deprecated | `boolean` | Declares this operation to be deprecated. Consumers SHOULD refrain from usage of the declared operation. Default value is `false`. | +| security | [[Security Requirement Object](#securityRequirementObject)] | A declaration of which security mechanisms can be used for this operation. The list of values includes alternative security requirement objects that can be used. Only one of the security requirement objects need to be satisfied to authorize a request. To make security optional, an empty security requirement (`{}`) can be included in the array. This definition overrides any declared top-level [`security`](#oasSecurity). To remove a top-level security declaration, an empty array can be used. | +| servers | [[Server Object](#serverObject)] | An alternative `server` array to service this operation. If an alternative `server` object is specified at the Path Item Object or Root level, it will be overridden by this value. | This object MAY be extended with [Specification Extensions](#specificationExtensions). @@ -959,9 +959,7 @@ This object MAY be extended with [Specification Extensions](#specificationExtens ```json { - "tags": [ - "pet" - ], + "tags": ["pet"], "summary": "Updates a pet in the store with form data", "operationId": "updatePetWithForm", "parameters": [ @@ -1013,10 +1011,7 @@ This object MAY be extended with [Specification Extensions](#specificationExtens }, "security": [ { - "petstore_auth": [ - "write:pets", - "read:pets" - ] + "petstore_auth": ["write:pets", "read:pets"] } ] } @@ -1024,30 +1019,30 @@ This object MAY be extended with [Specification Extensions](#specificationExtens ```yaml tags: -- pet + - pet summary: Updates a pet in the store with form data operationId: updatePetWithForm parameters: -- name: petId - in: path - description: ID of pet that needs to be updated - required: true - schema: - type: string + - name: petId + in: path + description: ID of pet that needs to be updated + required: true + schema: + type: string requestBody: content: application/x-www-form-urlencoded: schema: - type: object - properties: - name: - description: Updated name of the pet - type: string - status: - description: Updated status of the pet - type: string - required: - - status + type: object + properties: + name: + description: Updated name of the pet + type: string + status: + description: Updated status of the pet + type: string + required: + - status responses: '200': description: Pet updated. @@ -1060,22 +1055,21 @@ responses: application/json: {} application/xml: {} security: -- petstore_auth: - - write:pets - - read:pets + - petstore_auth: + - write:pets + - read:pets ``` - #### External Documentation Object Allows referencing an external resource for extended documentation. ##### Fixed Fields -Field Name | Type | Description ----|:---:|--- -description | `string` | A description of the target documentation. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. -url | `string` | **REQUIRED**. The URL for the target documentation. This MUST be in the form of a URL. +| Field Name | Type | Description | +| ------------------------------------------------ | :------: | -------------------------------------------------------------------------------------------------------------------------------------- | +| description | `string` | A description of the target documentation. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| url | `string` | **REQUIRED**. The URL for the target documentation. This MUST be in the form of a URL. | This object MAY be extended with [Specification Extensions](#specificationExtensions). @@ -1102,11 +1096,13 @@ A unique parameter is defined by a combination of a [name](#parameterName) and [ See [Appendix E](#percentEncodingAndFormMediaTypes) for a detailed examination of percent-encoding concerns, including interactions with the `application/x-www-form-urlencoded` query string format. ##### Parameter Locations + There are four possible parameter locations specified by the `in` field: -* path - Used together with [Path Templating](#pathTemplating), where the parameter value is actually part of the operation's URL. This does not include the host or base path of the API. For example, in `/items/{itemId}`, the path parameter is `itemId`. -* query - Parameters that are appended to the URL. For example, in `/items?id=###`, the query parameter is `id`. -* header - Custom headers that are expected as part of the request. Note that [RFC7230](https://tools.ietf.org/html/rfc7230#section-3.2) states header names are case insensitive. -* cookie - Used to pass a specific cookie value to the API. + +- path - Used together with [Path Templating](#pathTemplating), where the parameter value is actually part of the operation's URL. This does not include the host or base path of the API. For example, in `/items/{itemId}`, the path parameter is `itemId`. +- query - Parameters that are appended to the URL. For example, in `/items?id=###`, the query parameter is `id`. +- header - Custom headers that are expected as part of the request. Note that [RFC7230](https://tools.ietf.org/html/rfc7230#section-3.2) states header names are case insensitive. +- cookie - Used to pass a specific cookie value to the API. ##### Fixed Fields @@ -1118,14 +1114,14 @@ See [Appendix B](#dataTypeConversion) for a discussion of converting values of v These fields MAY be used with either `content` or `schema`. -Field Name | Type | Description ----|:---:|--- -name | `string` | **REQUIRED**. The name of the parameter. Parameter names are *case sensitive*.
  • If [`in`](#parameterIn) is `"path"`, the `name` field MUST correspond to a template expression occurring within the [path](#pathsPath) field in the [Paths Object](#pathsObject). See [Path Templating](#pathTemplating) for further information.
  • If [`in`](#parameterIn) is `"header"` and the `name` field is `"Accept"`, `"Content-Type"` or `"Authorization"`, the parameter definition SHALL be ignored.
  • For all other cases, the `name` corresponds to the parameter name used by the [`in`](#parameterIn) property.
-in | `string` | **REQUIRED**. The location of the parameter. Possible values are `"query"`, `"header"`, `"path"` or `"cookie"`. -description | `string` | A brief description of the parameter. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. -required | `boolean` | Determines whether this parameter is mandatory. If the [parameter location](#parameterIn) is `"path"`, this property is **REQUIRED** and its value MUST be `true`. Otherwise, the property MAY be included and its default value is `false`. - deprecated | `boolean` | Specifies that a parameter is deprecated and SHOULD be transitioned out of usage. Default value is `false`. - allowEmptyValue | `boolean` | If `true`, clients MAY pass a zero-length string value in place of parameters that would otherwise be omitted entirely, which the server SHOULD interpret as the parameter being unused. Default value is `false`. If [`style`](#parameterStyle) is used, and if [behavior is _n/a_ (cannot be serialized)](#style-examples), the value of `allowEmptyValue` SHALL be ignored. Interactions between this field and the parameter's [Schema Object](#schemaObject) are implementation-defined. This field is valid only for `query` parameters. Use of this property is NOT RECOMMENDED, and it is likely to be removed in a later revision. +| Field Name | Type | Description | +| ------------------------------------------------------- | :-------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| name | `string` | **REQUIRED**. The name of the parameter. Parameter names are _case sensitive_.
  • If [`in`](#parameterIn) is `"path"`, the `name` field MUST correspond to a template expression occurring within the [path](#pathsPath) field in the [Paths Object](#pathsObject). See [Path Templating](#pathTemplating) for further information.
  • If [`in`](#parameterIn) is `"header"` and the `name` field is `"Accept"`, `"Content-Type"` or `"Authorization"`, the parameter definition SHALL be ignored.
  • For all other cases, the `name` corresponds to the parameter name used by the [`in`](#parameterIn) property.
| +| in | `string` | **REQUIRED**. The location of the parameter. Possible values are `"query"`, `"header"`, `"path"` or `"cookie"`. | +| description | `string` | A brief description of the parameter. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| required | `boolean` | Determines whether this parameter is mandatory. If the [parameter location](#parameterIn) is `"path"`, this property is **REQUIRED** and its value MUST be `true`. Otherwise, the property MAY be included and its default value is `false`. | +| deprecated | `boolean` | Specifies that a parameter is deprecated and SHOULD be transitioned out of usage. Default value is `false`. | +| allowEmptyValue | `boolean` | If `true`, clients MAY pass a zero-length string value in place of parameters that would otherwise be omitted entirely, which the server SHOULD interpret as the parameter being unused. Default value is `false`. If [`style`](#parameterStyle) is used, and if [behavior is _n/a_ (cannot be serialized)](#style-examples), the value of `allowEmptyValue` SHALL be ignored. Interactions between this field and the parameter's [Schema Object](#schemaObject) are implementation-defined. This field is valid only for `query` parameters. Use of this property is NOT RECOMMENDED, and it is likely to be removed in a later revision. | This object MAY be extended with [Specification Extensions](#specificationExtensions). @@ -1139,14 +1135,14 @@ The `example` and `examples` fields are mutually exclusive, and if either is pre Serializing with `schema` is NOT RECOMMENDED for `in: cookie` parameters, `in: header` parameters that use HTTP header parameters (name=value pairs following a `;`) in their values, or `in: header` parameters where values might have non-URL-safe characters; see [Appendix D](#serializingHeadersAndCookies) for details. -Field Name | Type | Description ----|:---:|--- -style | `string` | Describes how the parameter value will be serialized depending on the type of the parameter value. Default values (based on value of `in`): for `query` - `form`; for `path` - `simple`; for `header` - `simple`; for `cookie` - `form`. -explode | `boolean` | When this is true, parameter values of type `array` or `object` generate separate parameters for each value of the array or key-value pair of the map. For other types of parameters this property has no effect. When [`style`](#parameterStyle) is `form`, the default value is `true`. For all other styles, the default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. -allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#section-3.2.3), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#section-3.4) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#usingRFC6570Implementations) and [E](#percentEncodingAndFormMediaTypes) for details. This property only applies to parameters with an `in` value of `query`. The default value is `false`. -schema | [Schema Object](#schemaObject) \| [Reference Object](#referenceObject) | The schema defining the type used for the parameter. -example | Any | Example of the parameter's potential value; see [Working With Examples](#working-with-examples). -examples | Map[ `string`, [Example Object](#exampleObject) \| [Reference Object](#referenceObject)] | Examples of the parameter's potential value; see [Working With Examples](#working-with-examples). +| Field Name | Type | Description | +| -------------------------------------------------- | :--------------------------------------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| style | `string` | Describes how the parameter value will be serialized depending on the type of the parameter value. Default values (based on value of `in`): for `query` - `form`; for `path` - `simple`; for `header` - `simple`; for `cookie` - `form`. | +| explode | `boolean` | When this is true, parameter values of type `array` or `object` generate separate parameters for each value of the array or key-value pair of the map. For other types of parameters this property has no effect. When [`style`](#parameterStyle) is `form`, the default value is `true`. For all other styles, the default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. | +| allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#section-3.2.3), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#section-3.4) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#usingRFC6570Implementations) and [E](#percentEncodingAndFormMediaTypes) for details. This property only applies to parameters with an `in` value of `query`. The default value is `false`. | +| schema | [Schema Object](#schemaObject) \| [Reference Object](#referenceObject) | The schema defining the type used for the parameter. | +| example | Any | Example of the parameter's potential value; see [Working With Examples](#working-with-examples). | +| examples | Map[ `string`, [Example Object](#exampleObject) \| [Reference Object](#referenceObject)] | Examples of the parameter's potential value; see [Working With Examples](#working-with-examples). | See also [Appendix C: Using RFC6570 Implementations](#usingRFC6570Implementations) for additional guidance. @@ -1155,23 +1151,23 @@ See also [Appendix C: Using RFC6570 Implementations](#usingRFC6570Implementation For more complex scenarios, the [`content`](#parameterContent) property can define the media type and schema of the parameter, as well as give examples of its use. Using `content` with a `text/plain` media type is RECOMMENDED for `in: header` and `in: cookie` parameters where the `schema` strategy is not appropriate. -Field Name | Type | Description ----|:---:|--- -content | Map[`string`, [Media Type Object](#mediaTypeObject)] | A map containing the representations for the parameter. The key is the media type and the value describes it. The map MUST only contain one entry. +| Field Name | Type | Description | +| -------------------------------------- | :--------------------------------------------------: | -------------------------------------------------------------------------------------------------------------------------------------------------- | +| content | Map[`string`, [Media Type Object](#mediaTypeObject)] | A map containing the representations for the parameter. The key is the media type and the value describes it. The map MUST only contain one entry. | ##### Style Values In order to support common ways of serializing simple parameters, a set of `style` values are defined. -`style` | [`type`](#dataTypes) | `in` | Comments ------------ | ------ | -------- | -------- -matrix | `primitive`, `array`, `object` | `path` | Path-style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.7) -label | `primitive`, `array`, `object` | `path` | Label style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.5) -simple | `primitive`, `array`, `object` | `path`, `header` | Simple style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.2). This option replaces `collectionFormat` with a `csv` value from OpenAPI 2.0. -form | `primitive`, `array`, `object` | `query`, `cookie` | Form style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.8). This option replaces `collectionFormat` with a `csv` (when `explode` is false) or `multi` (when `explode` is true) value from OpenAPI 2.0. -spaceDelimited | `array`, `object` | `query` | Space separated array values or object properties and values. This option replaces `collectionFormat` equal to `ssv` from OpenAPI 2.0. -pipeDelimited | `array`, `object` | `query` | Pipe separated array values or object properties and values. This option replaces `collectionFormat` equal to `pipes` from OpenAPI 2.0. -deepObject | `object` | `query` | Allows objects with scalar properties to be represented using form parameters. The representation of array or object properties is not defined. +| `style` | [`type`](#dataTypes) | `in` | Comments | +| -------------- | ------------------------------ | ----------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| matrix | `primitive`, `array`, `object` | `path` | Path-style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.7) | +| label | `primitive`, `array`, `object` | `path` | Label style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.5) | +| simple | `primitive`, `array`, `object` | `path`, `header` | Simple style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.2). This option replaces `collectionFormat` with a `csv` value from OpenAPI 2.0. | +| form | `primitive`, `array`, `object` | `query`, `cookie` | Form style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.8). This option replaces `collectionFormat` with a `csv` (when `explode` is false) or `multi` (when `explode` is true) value from OpenAPI 2.0. | +| spaceDelimited | `array`, `object` | `query` | Space separated array values or object properties and values. This option replaces `collectionFormat` equal to `ssv` from OpenAPI 2.0. | +| pipeDelimited | `array`, `object` | `query` | Pipe separated array values or object properties and values. This option replaces `collectionFormat` equal to `pipes` from OpenAPI 2.0. | +| deepObject | `object` | `query` | Allows objects with scalar properties to be represented using form parameters. The representation of array or object properties is not defined. | See [Appendix E](#percentEncodingAndFormMediaTypes) for a discussion of percent-encoding, including when delimiters need to be percent-encoded and options for handling collisions with percent-encoded data. @@ -1187,29 +1183,29 @@ Assume a parameter named `color` has one of the following values: The following table shows examples, as would be shown with the `example` or `examples` keywords, of the different serializations for each value. -* The value _empty_ denotes the empty string, and is unrelated to the `allowEmptyValue` field -* The behavior of combinations marked _n/a_ is undefined -* The `undefined` replaces the `empty` column in previous versions of this specification in order to better align with [RFC6570](https://www.rfc-editor.org/rfc/rfc6570.html#section-2.3) terminology, which describes certain values including but not limited to `null` as "undefined" values with special handling; notably, the empty string is _not_ undefined -* For `form` and the non-RFC6570 query string styles `spaceDelimited`, `pipeDelimited`, and `deepObject`, each example is shown prefixed with `?` as if it were the only query parameter; see [Appendix C](#usingRFC6570Implementations) for more information on constructing query strings from multiple parameters, and [Appendix D](#serializingHeadersAndCookies) for warnings regarding `form` and cookie parameters -* Note that the `?` prefix is not appropriate for serializing `application/x-www-form-urlencoded` HTTP message bodies, and MUST be stripped or (if constructing the string manually) not added when used in that context; see the [Encoding Object](#encodingObject) for more information -* The examples are percent-encoded as required by RFC6570 and RFC3986; see [Appendix E](#percentEncodingAndFormMediaTypes) for a thorough discussion of percent-encoding concerns, including why unencoded `|` (`%7C`), `[` (`%5B`), and `]` (`%5D`) seem to work in some environments despite not being compliant. - -[`style`](#styleValues) | `explode` | `empty` | `string` | `array` | `object` ------------ | ------ | -------- | -------- | -------- | ------- -matrix | false | ;color | ;color=blue | ;color=blue,black,brown | ;color=R,100,G,200,B,150 -matrix | true | ;color | ;color=blue | ;color=blue;color=black;color=brown | ;R=100;G=200;B=150 -label | false | . | .blue | .blue,black,brown | .R,100,G,200,B,150 -label | true | . | .blue | .blue.black.brown | .R=100.G=200.B=150 -simple | false | _empty_ | blue | blue,black,brown | R,100,G,200,B,150 -simple | true | _empty_ | blue | blue,black,brown | R=100,G=200,B=150 -form | false | ?color= | ?color=blue | ?color=blue,black,brown | ?color=R,100,G,200,B,150 -form | true | ?color= | ?color=blue | ?color=blue&color=black&color=brown | ?R=100&G=200&B=150 -spaceDelimited | false | _n/a_ | _n/a_ | ?color=blue%20black%20brown | ?color=R%20100%20G%20200%20B%20150 -spaceDelimited | true | _n/a_ | _n/a_ | _n/a_ | _n/a_ -pipeDelimited | false | _n/a_ | _n/a_ | ?color=blue%7Cblack%7Cbrown | ?color=R%7C100%7CG%7C200%7CB%7C150 -pipeDelimited | true | _n/a_ | _n/a_ | _n/a_ | _n/a_ -deepObject | false | _n/a_ | _n/a_ | _n/a_ | _n/a_ -deepObject | true | _n/a_ | _n/a_ | _n/a_ | ?color%5BR%5D=100&color%5BG%5D=200&color%5BB%5D=150 +- The value _empty_ denotes the empty string, and is unrelated to the `allowEmptyValue` field +- The behavior of combinations marked _n/a_ is undefined +- The `undefined` replaces the `empty` column in previous versions of this specification in order to better align with [RFC6570](https://www.rfc-editor.org/rfc/rfc6570.html#section-2.3) terminology, which describes certain values including but not limited to `null` as "undefined" values with special handling; notably, the empty string is _not_ undefined +- For `form` and the non-RFC6570 query string styles `spaceDelimited`, `pipeDelimited`, and `deepObject`, each example is shown prefixed with `?` as if it were the only query parameter; see [Appendix C](#usingRFC6570Implementations) for more information on constructing query strings from multiple parameters, and [Appendix D](#serializingHeadersAndCookies) for warnings regarding `form` and cookie parameters +- Note that the `?` prefix is not appropriate for serializing `application/x-www-form-urlencoded` HTTP message bodies, and MUST be stripped or (if constructing the string manually) not added when used in that context; see the [Encoding Object](#encodingObject) for more information +- The examples are percent-encoded as required by RFC6570 and RFC3986; see [Appendix E](#percentEncodingAndFormMediaTypes) for a thorough discussion of percent-encoding concerns, including why unencoded `|` (`%7C`), `[` (`%5B`), and `]` (`%5D`) seem to work in some environments despite not being compliant. + +| [`style`](#styleValues) | `explode` | `empty` | `string` | `array` | `object` | +| ----------------------- | --------- | ------------------------------------------------- | ----------------------------------------------------- | ----------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------- | +| matrix | false | ;color | ;color=blue | ;color=blue,black,brown | ;color=R,100,G,200,B,150 | +| matrix | true | ;color | ;color=blue | ;color=blue;color=black;color=brown | ;R=100;G=200;B=150 | +| label | false | . | .blue | .blue,black,brown | .R,100,G,200,B,150 | +| label | true | . | .blue | .blue.black.brown | .R=100.G=200.B=150 | +| simple | false | _empty_ | blue | blue,black,brown | R,100,G,200,B,150 | +| simple | true | _empty_ | blue | blue,black,brown | R=100,G=200,B=150 | +| form | false | ?color= | ?color=blue | ?color=blue,black,brown | ?color=R,100,G,200,B,150 | +| form | true | ?color= | ?color=blue | ?color=blue&color=black&color=brown | ?R=100&G=200&B=150 | +| spaceDelimited | false | _n/a_ | _n/a_ | ?color=blue%20black%20brown | ?color=R%20100%20G%20200%20B%20150 | +| spaceDelimited | true | _n/a_ | _n/a_ | _n/a_ | _n/a_ | +| pipeDelimited | false | _n/a_ | _n/a_ | ?color=blue%7Cblack%7Cbrown | ?color=R%7C100%7CG%7C200%7CB%7C150 | +| pipeDelimited | true | _n/a_ | _n/a_ | _n/a_ | _n/a_ | +| deepObject | false | _n/a_ | _n/a_ | _n/a_ | _n/a_ | +| deepObject | true | _n/a_ | _n/a_ | _n/a_ | ?color%5BR%5D=100&color%5BG%5D=200&color%5BB%5D=150 | ##### Parameter Object Examples @@ -1246,6 +1242,7 @@ style: simple ``` A path parameter of a string value: + ```json { "name": "username", @@ -1268,6 +1265,7 @@ schema: ``` An optional query parameter of a string value, allowing multiple values by repeating the query parameter: + ```json { "name": "id", @@ -1299,6 +1297,7 @@ explode: true ``` A free-form query parameter, allowing undefined parameters of a specific type: + ```json { "in": "query", @@ -1307,7 +1306,7 @@ A free-form query parameter, allowing undefined parameters of a specific type: "type": "object", "additionalProperties": { "type": "integer" - }, + } }, "style": "form" } @@ -1333,10 +1332,7 @@ A complex parameter using `content` to define serialization: "application/json": { "schema": { "type": "object", - "required": [ - "lat", - "long" - ], + "required": ["lat", "long"], "properties": { "lat": { "type": "number" @@ -1373,18 +1369,19 @@ content: Describes a single request body. ##### Fixed Fields -Field Name | Type | Description ----|:---:|--- -description | `string` | A brief description of the request body. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. -content | Map[`string`, [Media Type Object](#mediaTypeObject)] | **REQUIRED**. The content of the request body. The key is a media type or [media type range](https://tools.ietf.org/html/rfc7231#appendix-D) and the value describes it. For requests that match multiple keys, only the most specific key is applicable. e.g. text/plain overrides text/* -required | `boolean` | Determines if the request body is required in the request. Defaults to `false`. +| Field Name | Type | Description | +| ------------------------------------------------ | :--------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| description | `string` | A brief description of the request body. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| content | Map[`string`, [Media Type Object](#mediaTypeObject)] | **REQUIRED**. The content of the request body. The key is a media type or [media type range](https://tools.ietf.org/html/rfc7231#appendix-D) and the value describes it. For requests that match multiple keys, only the most specific key is applicable. e.g. text/plain overrides text/\* | +| required | `boolean` | Determines if the request body is required in the request. Defaults to `false`. | This object MAY be extended with [Specification Extensions](#specificationExtensions). ##### Request Body Examples A request body with a referenced schema definition. + ```json { "description": "user to add to the system", @@ -1394,7 +1391,7 @@ A request body with a referenced schema definition. "$ref": "#/components/schemas/User" }, "examples": { - "user" : { + "user": { "summary": "User Example", "externalValue": "https://foo.bar/examples/user-example.json" } @@ -1405,7 +1402,7 @@ A request body with a referenced schema definition. "$ref": "#/components/schemas/User" }, "examples": { - "user" : { + "user": { "summary": "User example in XML", "externalValue": "https://foo.bar/examples/user-example.xml" } @@ -1413,7 +1410,7 @@ A request body with a referenced schema definition. }, "text/plain": { "examples": { - "user" : { + "user": { "summary": "User example in Plain text", "externalValue": "https://foo.bar/examples/user-example.txt" } @@ -1421,7 +1418,7 @@ A request body with a referenced schema definition. }, "*/*": { "examples": { - "user" : { + "user": { "summary": "User example in other format", "externalValue": "https://foo.bar/examples/user-example.whatever" } @@ -1461,6 +1458,7 @@ content: ``` #### Media Type Object + Each Media Type Object provides schema and examples for the media type identified by its key. When `example` or `examples` are provided, the example SHOULD match the specified schema and be in the correct format as specified by the media type and its encoding. @@ -1468,12 +1466,13 @@ The `example` and `examples` fields are mutually exclusive, and if either is pre See [Working With Examples](#working-with-examples) for further guidance regarding the different ways of specifying examples, including non-JSON/YAML values. ##### Fixed Fields -Field Name | Type | Description ----|:---:|--- -schema | [Schema Object](#schemaObject) \| [Reference Object](#referenceObject) | The schema defining the content of the request, response, parameter, or header. -example | Any | Example of the media type; see [Working With Examples](#working-with-examples). -examples | Map[ `string`, [Example Object](#exampleObject) \| [Reference Object](#referenceObject)] | Examples of the media type; see [Working With Examples](#working-with-examples). -encoding | Map[`string`, [Encoding Object](#encodingObject)] | A map between a property name and its encoding information. The key, being the property name, MUST exist in the schema as a property. The encoding attribute SHALL only apply to [Request Body Objects](#requestBodyObject), and only when the media type is `multipart` or `application/x-www-form-urlencoded`. If no Encoding Object is provided for a property, the behavior is determined by the default values documented for the Encoding Object. + +| Field Name | Type | Description | +| ---------------------------------------- | :--------------------------------------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| schema | [Schema Object](#schemaObject) \| [Reference Object](#referenceObject) | The schema defining the content of the request, response, parameter, or header. | +| example | Any | Example of the media type; see [Working With Examples](#working-with-examples). | +| examples | Map[ `string`, [Example Object](#exampleObject) \| [Reference Object](#referenceObject)] | Examples of the media type; see [Working With Examples](#working-with-examples). | +| encoding | Map[`string`, [Encoding Object](#encodingObject)] | A map between a property name and its encoding information. The key, being the property name, MUST exist in the schema as a property. The encoding attribute SHALL only apply to [Request Body Objects](#requestBodyObject), and only when the media type is `multipart` or `application/x-www-form-urlencoded`. If no Encoding Object is provided for a property, the behavior is determined by the default values documented for the Encoding Object. | This object MAY be extended with [Specification Extensions](#specificationExtensions). @@ -1486,7 +1485,7 @@ This object MAY be extended with [Specification Extensions](#specificationExtens "$ref": "#/components/schemas/Pet" }, "examples": { - "cat" : { + "cat": { "summary": "An example of a cat", "value": { "name": "Fluffy", @@ -1498,7 +1497,7 @@ This object MAY be extended with [Specification Extensions](#specificationExtens }, "dog": { "summary": "An example of a dog with a cat's name", - "value" : { + "value": { "name": "Puma", "petType": "Dog", "color": "Black", @@ -1517,7 +1516,7 @@ This object MAY be extended with [Specification Extensions](#specificationExtens ```yaml application/json: schema: - $ref: "#/components/schemas/Pet" + $ref: '#/components/schemas/Pet' examples: cat: summary: An example of a cat @@ -1536,7 +1535,7 @@ application/json: gender: Female breed: Mixed frog: - $ref: "#/components/examples/frog-example" + $ref: '#/components/examples/frog-example' ``` ##### Considerations for File Uploads @@ -1570,7 +1569,7 @@ In addition, specific media types MAY be specified: # multiple, specific media types may be specified: requestBody: content: - # a binary file of type png or jpeg + # a binary file of type png or jpeg 'image/jpeg': schema: type: string @@ -1607,22 +1606,22 @@ See [Appendix E](#percentEncodingAndFormMediaTypes) for a detailed examination o These fields MAY be used either with or without the RFC6570-style serialization fields defined in the next section below. -Field Name | Type | Description ----|:---:|--- -contentType | `string` | The `Content-Type` for encoding a specific property. The value is a comma-separated list, each element of which is either a specific media type (e.g. `image/png`) or a wildcard media type (e.g. `image/*`). Default value depends on the property type as shown in the table below. -headers | Map[`string`, [Header Object](#headerObject) \| [Reference Object](#referenceObject)] | A map allowing additional information to be provided as headers. `Content-Type` is described separately and SHALL be ignored in this section. This property SHALL be ignored if the request body media type is not a `multipart`. +| Field Name | Type | Description | +| --------------------------------------------- | :-----------------------------------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| contentType | `string` | The `Content-Type` for encoding a specific property. The value is a comma-separated list, each element of which is either a specific media type (e.g. `image/png`) or a wildcard media type (e.g. `image/*`). Default value depends on the property type as shown in the table below. | +| headers | Map[`string`, [Header Object](#headerObject) \| [Reference Object](#referenceObject)] | A map allowing additional information to be provided as headers. `Content-Type` is described separately and SHALL be ignored in this section. This property SHALL be ignored if the request body media type is not a `multipart`. | This object MAY be extended with [Specification Extensions](#specificationExtensions). The default values for `contentType` are as follows, where an _n/a_ in the `format` column means that the presence or value of `format` is irrelevant: -Property `type` | Property `format` | Default `contentType` -------------- | --------------- | --------------------- -`string` | `binary` _or_ `byte` | `application/octet-stream` -`string` | _none, or any except `binary` or `byte`_ | `text/plain` -`number`, `integer`, or `boolean` | _n/a_ | `text/plain` -`object` | _n/a_ | `application/json` -`array` | _n/a_ | according to the `type` and `format` of the `items` schema +| Property `type` | Property `format` | Default `contentType` | +| --------------------------------- | ---------------------------------------- | ---------------------------------------------------------- | +| `string` | `binary` _or_ `byte` | `application/octet-stream` | +| `string` | _none, or any except `binary` or `byte`_ | `text/plain` | +| `number`, `integer`, or `boolean` | _n/a_ | `text/plain` | +| `object` | _n/a_ | `application/json` | +| `array` | _n/a_ | according to the `type` and `format` of the `items` schema | Determining how to handle `null` values if `nullable: true` is present depends on how `null` values are being serialized. If `null` values are entirely omitted, then the `contentType` is irrelevant. @@ -1630,24 +1629,24 @@ See [Appendix B](#dataTypeConversion) for a discussion of data type conversion o ###### Fixed Fields for RFC6570-style Serialization -Field Name | Type | Description ----|:---:|--- -style | `string` | Describes how a specific property value will be serialized depending on its type. See [Parameter Object](#parameterObject) for details on the [`style`](#parameterStyle) property. The behavior follows the same values as `query` parameters, including default values. Note that the initial `?` used in query strings is not used in `application/x-www-form-urlencoded` message bodies, and MUST be removed (if using an RFC6570 implementation) or simply not added (if constructing the string manually). This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. -explode | `boolean` | When this is true, property values of type `array` or `object` generate separate parameters for each value of the array, or key-value-pair of the map. For other types of properties this property has no effect. When [`style`](#encodingStyle) is `form`, the default value is `true`. For all other styles, the default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. -allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#section-3.2.3), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#section-3.4) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#usingRFC6570Implementations) and [E](#percentEncodingAndFormMediaTypes) for details. The default value is `false`. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. +| Field Name | Type | Description | +| ------------------------------------------------- | :-------: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| style | `string` | Describes how a specific property value will be serialized depending on its type. See [Parameter Object](#parameterObject) for details on the [`style`](#parameterStyle) property. The behavior follows the same values as `query` parameters, including default values. Note that the initial `?` used in query strings is not used in `application/x-www-form-urlencoded` message bodies, and MUST be removed (if using an RFC6570 implementation) or simply not added (if constructing the string manually). This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. | +| explode | `boolean` | When this is true, property values of type `array` or `object` generate separate parameters for each value of the array, or key-value-pair of the map. For other types of properties this property has no effect. When [`style`](#encodingStyle) is `form`, the default value is `true`. For all other styles, the default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. | +| allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#section-3.2.3), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#section-3.4) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#usingRFC6570Implementations) and [E](#percentEncodingAndFormMediaTypes) for details. The default value is `false`. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. | See also [Appendix C: Using RFC6570 Implementations](#usingRFC6570Implementations) for additional guidance. The role of `contentType` with `application/x-www-form-urlencoded` request bodies was not described in detail in version 3.0.3 and earlier of this specification. To match the intent of these fields and be compatible with version 3.1 of this specification, it is RECOMMENDED that whenever any of `style`, `explode`, or `allowReserved` are present with an explicit value: -* The value of `contentType`, whether it is explicitly defined or has the default value, is to be ignored -* If any of `style`, `explode`, or `allowReserved` are _not_ present with explicit values, then they are to be treated as if they were present with their default values +- The value of `contentType`, whether it is explicitly defined or has the default value, is to be ignored +- If any of `style`, `explode`, or `allowReserved` are _not_ present with explicit values, then they are to be treated as if they were present with their default values However, if all three of `style`, `explode`, and `allowReserved` fields are absent, it is RECOMMENDED that: -* All three keywords are to be entirely ignored, rather than treated as having their default values -* Encoding is to be based on `contentType` alone, whether it is present with an explicit value or absent and treated as having its default value +- All three keywords are to be entirely ignored, rather than treated as having their default values +- Encoding is to be based on `contentType` alone, whether it is present with an explicit value or absent and treated as having its default value Note that the presence of at least one of `style`, `explode`, or `allowReserved` with an explicit value is equivalent to using `schema` with `in: query` Parameter Objects. The absence of all three of those fields is the equivalent of using `content`, but with the media type specified in `contentType` rather than through a Media Type Object. @@ -1741,7 +1740,7 @@ However, this is not guaranteed and the value would still need to be percent-dec ##### Encoding `multipart` Media Types -It is common to use `multipart/form-data` as a `Content-Type` when transferring forms as request bodies. In contrast to 2.0, a `schema` is REQUIRED to define the input parameters to the operation when using `multipart` content. This supports complex structures as well as supporting mechanisms for multiple file uploads. +It is common to use `multipart/form-data` as a `Content-Type` when transferring forms as request bodies. In contrast to 2.0, a `schema` is REQUIRED to define the input parameters to the operation when using `multipart` content. This supports complex structures as well as supporting mechanisms for multiple file uploads. The `form-data` disposition and its `name` parameter are mandatory for `multipart/form-data` ([RFC7578](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.2)). Array properties are handled by applying the same `name` to multiple parts, as is recommended by [RFC7578](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.3) for supplying multiple values per form field. @@ -1757,7 +1756,7 @@ Note also that `Content-Transfer-Encoding` is deprecated for `multipart/form-dat Using `format: byte` for a multipart field is equivalent to specifying an [Encoding Object](#encodingObject) with a `headers` field containing `Content-Transfer-Encoding` with a schema that requires the value `base64`. If `format: byte` is used for a multipart field that has an Encoding Object with a `headers` field containing `Content-Transfer-Encoding` with a schema that disallows `base64`, the result is undefined for serialization and parsing. -Per the JSON Schema specification, `contentMediaType` without `contentEncoding` present is treated as if `contentEncoding: identity` were present. While useful for embedding text documents such as `text/html` into JSON strings, it is not useful for a `multipart/form-data` part, as it just causes the document to be treated as `text/plain` instead of its actual media type. Use the Encoding Object without `contentMediaType` if no `contentEncoding` is required. +Per the JSON Schema specification, `contentMediaType` without `contentEncoding` present is treated as if `contentEncoding: identity` were present. While useful for embedding text documents such as `text/html` into JSON strings, it is not useful for a `multipart/form-data` part, as it just causes the document to be treated as `text/plain` instead of its actual media type. Use the Encoding Object without `contentMediaType` if no `contentEncoding` is required. See [Appendix E](#percentEncodingAndFormMediaTypes) for a detailed examination of percent-encoding concerns for form media types. @@ -1811,7 +1810,7 @@ requestBody: description: addresses in XML format type: array items: - $ref: '#/components/schemas/Address' + $ref: '#/components/schemas/Address' profileImage: # default is application/octet-stream, but we can declare # a more specific image type or types @@ -1849,7 +1848,6 @@ requestBody: items: type: string format: binary - ``` #### Responses Object @@ -1860,7 +1858,7 @@ The container maps a HTTP response code to the expected response. The documentation is not necessarily expected to cover all possible HTTP response codes because they may not be known in advance. However, documentation is expected to cover a successful operation response and any known errors. -The `default` MAY be used as a default response object for all HTTP codes +The `default` MAY be used as a default response object for all HTTP codes that are not covered individually by the Responses Object. The Responses Object MUST contain at least one response code, and if only one @@ -1868,15 +1866,16 @@ response code is provided it SHOULD be the response for a successful operation call. ##### Fixed Fields -Field Name | Type | Description ----|:---:|--- -default | [Response Object](#responseObject) \| [Reference Object](#referenceObject) | The documentation of responses other than the ones declared for specific HTTP response codes. Use this field to cover undeclared responses. A [Reference Object](#referenceObject) can link to a response that the [OpenAPI Object's components/responses](#componentsResponses) section defines. + +| Field Name | Type | Description | +| -------------------------------------- | :------------------------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| default | [Response Object](#responseObject) \| [Reference Object](#referenceObject) | The documentation of responses other than the ones declared for specific HTTP response codes. Use this field to cover undeclared responses. A [Reference Object](#referenceObject) can link to a response that the [OpenAPI Object's components/responses](#componentsResponses) section defines. | ##### Patterned Fields -Field Pattern | Type | Description ----|:---:|--- -[HTTP Status Code](#httpCodes) | [Response Object](#responseObject) \| [Reference Object](#referenceObject) | Any [HTTP status code](#httpCodes) can be used as the property name, but only one property per code, to describe the expected response for that HTTP status code. A [Reference Object](#referenceObject) can link to a response that is defined in the [OpenAPI Object's components/responses](#componentsResponses) section. This field MUST be enclosed in quotation marks (for example, "200") for compatibility between JSON and YAML. To define a range of response codes, this field MAY contain the uppercase wildcard character `X`. For example, `2XX` represents all response codes between `[200-299]`. Only the following range definitions are allowed: `1XX`, `2XX`, `3XX`, `4XX`, and `5XX`. If a response is defined using an explicit code, the explicit code definition takes precedence over the range definition for that code. +| Field Pattern | Type | Description | +| ---------------------------------------------------------- | :------------------------------------------------------------------------: | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| [HTTP Status Code](#httpCodes) | [Response Object](#responseObject) \| [Reference Object](#referenceObject) | Any [HTTP status code](#httpCodes) can be used as the property name, but only one property per code, to describe the expected response for that HTTP status code. A [Reference Object](#referenceObject) can link to a response that is defined in the [OpenAPI Object's components/responses](#componentsResponses) section. This field MUST be enclosed in quotation marks (for example, "200") for compatibility between JSON and YAML. To define a range of response codes, this field MAY contain the uppercase wildcard character `X`. For example, `2XX` represents all response codes between `[200-299]`. Only the following range definitions are allowed: `1XX`, `2XX`, `3XX`, `4XX`, and `5XX`. If a response is defined using an explicit code, the explicit code definition takes precedence over the range definition for that code. | This object MAY be extended with [Specification Extensions](#specificationExtensions). @@ -1925,16 +1924,18 @@ default: ``` #### Response Object -Describes a single response from an API Operation, including design-time, static + +Describes a single response from an API Operation, including design-time, static `links` to operations based on the response. ##### Fixed Fields -Field Name | Type | Description ----|:---:|--- -description | `string` | **REQUIRED**. A description of the response. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. -headers | Map[`string`, [Header Object](#headerObject) \| [Reference Object](#referenceObject)] | Maps a header name to its definition. [RFC7230](https://tools.ietf.org/html/rfc7230#section-3.2) states header names are case insensitive. If a response header is defined with the name `"Content-Type"`, it SHALL be ignored. -content | Map[`string`, [Media Type Object](#mediaTypeObject)] | A map containing descriptions of potential response payloads. The key is a media type or [media type range](https://tools.ietf.org/html/rfc7231#appendix-D) and the value describes it. For responses that match multiple keys, only the most specific key is applicable. e.g. text/plain overrides text/* -links | Map[`string`, [Link Object](#linkObject) \| [Reference Object](#referenceObject)] | A map of operations links that can be followed from the response. The key of the map is a short name for the link, following the naming constraints of the names for [Component Objects](#componentsObject). + +| Field Name | Type | Description | +| --------------------------------------------- | :-----------------------------------------------------------------------------------: | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| description | `string` | **REQUIRED**. A description of the response. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| headers | Map[`string`, [Header Object](#headerObject) \| [Reference Object](#referenceObject)] | Maps a header name to its definition. [RFC7230](https://tools.ietf.org/html/rfc7230#section-3.2) states header names are case insensitive. If a response header is defined with the name `"Content-Type"`, it SHALL be ignored. | +| content | Map[`string`, [Media Type Object](#mediaTypeObject)] | A map containing descriptions of potential response payloads. The key is a media type or [media type range](https://tools.ietf.org/html/rfc7231#appendix-D) and the value describes it. For responses that match multiple keys, only the most specific key is applicable. e.g. text/plain overrides text/\* | +| links | Map[`string`, [Link Object](#linkObject) \| [Reference Object](#referenceObject)] | A map of operations links that can be followed from the response. The key of the map is a short name for the link, following the naming constraints of the names for [Component Objects](#componentsObject). | This object MAY be extended with [Specification Extensions](#specificationExtensions). @@ -2068,9 +2069,10 @@ Each value in the map is a [Path Item Object](#pathItemObject) that describes a The key value used to identify the path item object is an expression, evaluated at runtime, that identifies a URL to use for the callback operation. ##### Patterned Fields -Field Pattern | Type | Description ----|:---:|--- -{expression} | [Path Item Object](#pathItemObject) | A Path Item Object used to define a callback request and expected responses. A [complete example](../examples/v3.0/callback-example.yaml) is available. + +| Field Pattern | Type | Description | +| --------------------------------------------- | :---------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------- | +| {expression} | [Path Item Object](#pathItemObject) | A Path Item Object used to define a callback request and expected responses. A [complete example](../examples/v3.0/callback-example.yaml) is available. | This object MAY be extended with [Specification Extensions](#specificationExtensions). @@ -2079,7 +2081,7 @@ This object MAY be extended with [Specification Extensions](#specificationExtens The key that identifies the [Path Item Object](#pathItemObject) is a [runtime expression](#runtimeExpression) that can be evaluated in the context of a runtime HTTP request/response to identify the URL to be used for the callback request. A simple example might be `$request.body#/url`. However, using a [runtime expression](#runtimeExpression) the complete HTTP message can be accessed. -This includes accessing any part of a body that a JSON Pointer [RFC6901](https://tools.ietf.org/html/rfc6901) can reference. +This includes accessing any part of a body that a JSON Pointer [RFC6901](https://tools.ietf.org/html/rfc6901) can reference. For example, given the following HTTP request: @@ -2104,21 +2106,20 @@ Location: https://example.org/subscription/1 The following examples show how the various expressions evaluate, assuming the callback operation has a path parameter named `eventType` and a query parameter named `queryUrl`. -Expression | Value ----|:--- -$url | https://example.org/subscribe/myevent?queryUrl=https://clientdomain.com/stillrunning -$method | POST -$request.path.eventType | myevent -$request.query.queryUrl | https://clientdomain.com/stillrunning -$request.header.content-Type | application/json -$request.body#/failedUrl | https://clientdomain.com/failed -$request.body#/successUrls/1 | https://clientdomain.com/medium -$response.header.Location | https://example.org/subscription/1 - +| Expression | Value | +| ---------------------------- | :----------------------------------------------------------------------------------- | +| $url | https://example.org/subscribe/myevent?queryUrl=https://clientdomain.com/stillrunning | +| $method | POST | +| $request.path.eventType | myevent | +| $request.query.queryUrl | https://clientdomain.com/stillrunning | +| $request.header.content-Type | application/json | +| $request.body#/failedUrl | https://clientdomain.com/failed | +| $request.body#/successUrls/1 | https://clientdomain.com/medium | +| $response.header.Location | https://example.org/subscription/1 | ##### Callback Object Examples -The following example uses the user provided `queryUrl` query string parameter to define the callback URL. This is an example of how to use a callback object to describe a WebHook callback that goes with the subscription operation to enable registering for the WebHook. +The following example uses the user provided `queryUrl` query string parameter to define the callback URL. This is an example of how to use a callback object to describe a WebHook callback that goes with the subscription operation to enable registering for the WebHook. ```yaml myCallback: @@ -2160,12 +2161,13 @@ This object is typically used in properties named `examples` (plural), and is a Examples allow demonstration of the usage of properties, parameters and objects within OpenAPI. ##### Fixed Fields -Field Name | Type | Description ----|:---:|--- -summary | `string` | Short description for the example. -description | `string` | Long description for the example. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. -value | Any | Embedded literal example. The `value` field and `externalValue` field are mutually exclusive. To represent examples of media types that cannot naturally represented in JSON or YAML, use a string value to contain the example, escaping where necessary. -externalValue | `string` | A URL that points to the literal example. This provides the capability to reference examples that cannot easily be included in JSON or YAML documents. The `value` field and `externalValue` field are mutually exclusive. See the rules for resolving [Relative References](#relativeReferences). + +| Field Name | Type | Description | +| ------------------------------------------------ | :------: | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| summary | `string` | Short description for the example. | +| description | `string` | Long description for the example. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| value | Any | Embedded literal example. The `value` field and `externalValue` field are mutually exclusive. To represent examples of media types that cannot naturally represented in JSON or YAML, use a string value to contain the example, escaping where necessary. | +| externalValue | `string` | A URL that points to the literal example. This provides the capability to reference examples that cannot easily be included in JSON or YAML documents. The `value` field and `externalValue` field are mutually exclusive. See the rules for resolving [Relative References](#relativeReferences). | This object MAY be extended with [Specification Extensions](#specificationExtensions). @@ -2176,7 +2178,7 @@ Tooling implementations MAY choose to validate compatibility automatically, and Example Objects can be used in both [Parameter Objects](#parameterObject) and [Media Type Objects](#mediaTypeObject). In both Objects, this is done through the `examples` (plural) field. -However, there are two other ways to provide examples: The `example` (singular) field that is mutually exclusive with `examples` in both Objects, and the `example` (singular) field in the [Schema Object](#schemaObject) that appears in the `schema` field of both Objects. +However, there are two other ways to provide examples: The `example` (singular) field that is mutually exclusive with `examples` in both Objects, and the `example` (singular) field in the [Schema Object](#schemaObject) that appears in the `schema` field of both Objects. Each of these fields has slightly different considerations. The Schema Object's `example` field is used to show example values without regard to how they might be formatted as parameters or within media type representations. @@ -2204,10 +2206,10 @@ requestBody: examples: foo: summary: A foo example - value: {"foo": "bar"} + value: { 'foo': 'bar' } bar: summary: A bar example - value: {"bar": "baz"} + value: { 'bar': 'baz' } application/xml: examples: xmlExample: @@ -2279,7 +2281,6 @@ application/json: In the above example, we can just show the JSON string (or any JSON value) as-is, rather than stuffing a serialized JSON value into a JSON string, which would have looked like `"\"json\""`. - In contrast, a JSON string encoded inside of a URL-style form body: ```json @@ -2331,24 +2332,24 @@ The presence of a link does not guarantee the caller's ability to successfully i Unlike _dynamic_ links (i.e. links provided **in** the response payload), the OAS linking mechanism does not require link information in the runtime response. -For computing links, and providing instructions to execute them, a [runtime expression](#runtimeExpression) is used for accessing values in an operation and using them as parameters while invoking the linked operation. +For computing links, and providing instructions to execute them, a [runtime expression](#runtimeExpression) is used for accessing values in an operation and using them as parameters while invoking the linked operation. ##### Fixed Fields -Field Name | Type | Description ----|:---:|--- -operationRef | `string` | A relative or absolute URI reference to an OAS operation. This field is mutually exclusive of the `operationId` field, and MUST point to an [Operation Object](#operationObject). Relative `operationRef` values MAY be used to locate an existing [Operation Object](#operationObject) in the OpenAPI description. -operationId | `string` | The name of an _existing_, resolvable OAS operation, as defined with a unique `operationId`. This field is mutually exclusive of the `operationRef` field. -parameters | Map[`string`, Any \| [{expression}](#runtimeExpression)] | A map representing parameters to pass to an operation as specified with `operationId` or identified via `operationRef`. The key is the parameter name to be used (optionally qualified with the parameter location, e.g. `path.id` for an `id` parameter in the path), whereas the value can be a constant or an expression to be evaluated and passed to the linked operation. -requestBody | Any \| [{expression}](#runtimeExpression) | A literal value or [{expression}](#runtimeExpression) to use as a request body when calling the target operation. -description | `string` | A description of the link. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. -server | [Server Object](#serverObject) | A server object to be used by the target operation. +| Field Name | Type | Description | +| ------------------------------------------- | :------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| operationRef | `string` | A relative or absolute URI reference to an OAS operation. This field is mutually exclusive of the `operationId` field, and MUST point to an [Operation Object](#operationObject). Relative `operationRef` values MAY be used to locate an existing [Operation Object](#operationObject) in the OpenAPI description. | +| operationId | `string` | The name of an _existing_, resolvable OAS operation, as defined with a unique `operationId`. This field is mutually exclusive of the `operationRef` field. | +| parameters | Map[`string`, Any \| [{expression}](#runtimeExpression)] | A map representing parameters to pass to an operation as specified with `operationId` or identified via `operationRef`. The key is the parameter name to be used (optionally qualified with the parameter location, e.g. `path.id` for an `id` parameter in the path), whereas the value can be a constant or an expression to be evaluated and passed to the linked operation. | +| requestBody | Any \| [{expression}](#runtimeExpression) | A literal value or [{expression}](#runtimeExpression) to use as a request body when calling the target operation. | +| description | `string` | A description of the link. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| server | [Server Object](#serverObject) | A server object to be used by the target operation. | This object MAY be extended with [Specification Extensions](#specificationExtensions). A linked operation MUST be identified using either an `operationRef` or `operationId`. In the case of an `operationId`, it MUST be unique and resolved in the scope of the OpenAPI description. -Because of the potential for name clashes, the `operationRef` syntax is preferred +Because of the potential for name clashes, the `operationRef` syntax is preferred for multi-document OpenAPI descriptions. Note that it is not possible to provide a constant value to `parameters` that matches the syntax of a runtime expression. @@ -2362,12 +2363,12 @@ Computing a link from a request operation where the `$request.path.id` is used t paths: /users/{id}: parameters: - - name: id - in: path - required: true - description: the user identifier, as userId - schema: - type: string + - name: id + in: path + required: true + description: the user identifier, as userId + schema: + type: string get: responses: '200': @@ -2390,12 +2391,12 @@ paths: # the path item of the linked operation /users/{userid}/address: parameters: - - name: userid - in: path - required: true - description: the user identifier, as userId - schema: - type: string + - name: userid + in: path + required: true + description: the user identifier, as userId + schema: + type: string # linked operation get: operationId: getUserAddress @@ -2417,14 +2418,13 @@ links: userUuid: $response.body#/uuid ``` -Clients follow all links at their discretion. -Neither permissions, nor the capability to make a successful call to that link, is guaranteed +Clients follow all links at their discretion. +Neither permissions, nor the capability to make a successful call to that link, is guaranteed solely by the existence of a relationship. - ##### OperationRef Examples -As references to `operationId` MAY NOT be possible (the `operationId` is an optional +As references to `operationId` MAY NOT be possible (the `operationId` is an optional field in an [Operation Object](#operationObject)), references MAY also be made through a relative `operationRef`: ```yaml @@ -2447,10 +2447,9 @@ links: username: $response.body#/username ``` -Note that in the use of `operationRef`, the _escaped forward-slash_ is necessary when +Note that in the use of `operationRef`, the _escaped forward-slash_ is necessary when using JSON Pointer, and it is necessary to URL-encode `{` and `}` as `%7B` and `%7D`, respectively when using JSON Pointer as URI fragments. - ##### Runtime Expressions Runtime expressions allow defining values based on information that will only be available within the HTTP message in an actual API call. @@ -2462,7 +2461,7 @@ The runtime expression is defined by the following [ABNF](https://tools.ietf.org expression = ( "$url" / "$method" / "$statusCode" / "$request." source / "$response." source ) source = ( header-reference / query-reference / path-reference / body-reference ) header-reference = "header." token - query-reference = "query." name + query-reference = "query." name path-reference = "path." name body-reference = "body" ["#" json-pointer ] json-pointer = *( "/" reference-token ) @@ -2479,21 +2478,21 @@ The runtime expression is defined by the following [ABNF](https://tools.ietf.org Here, `json-pointer` is taken from [RFC6901](https://tools.ietf.org/html/rfc6901), `char` from [RFC7159](https://tools.ietf.org/html/rfc7159#section-7) and `token` from [RFC7230](https://tools.ietf.org/html/rfc7230#section-3.2.6). -The `name` identifier is case-sensitive, whereas `token` is not. +The `name` identifier is case-sensitive, whereas `token` is not. The table below provides examples of runtime expressions and examples of their use in a value: ##### Examples -Source Location | example expression | notes ----|:---|:---| -HTTP Method | `$method` | The allowable values for the `$method` will be those for the HTTP operation. -Requested media type | `$request.header.accept` | -Request parameter | `$request.path.id` | Request parameters MUST be declared in the `parameters` section of the parent operation or they cannot be evaluated. This includes request headers. -Request body property | `$request.body#/user/uuid` | In operations which accept payloads, references may be made to portions of the `requestBody` or the entire body. -Request URL | `$url` | -Response value | `$response.body#/status` | In operations which return payloads, references may be made to portions of the response body or the entire body. -Response header | `$response.header.Server` | Single header values only are available +| Source Location | example expression | notes | +| --------------------- | :------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------- | +| HTTP Method | `$method` | The allowable values for the `$method` will be those for the HTTP operation. | +| Requested media type | `$request.header.accept` | +| Request parameter | `$request.path.id` | Request parameters MUST be declared in the `parameters` section of the parent operation or they cannot be evaluated. This includes request headers. | +| Request body property | `$request.body#/user/uuid` | In operations which accept payloads, references may be made to portions of the `requestBody` or the entire body. | +| Request URL | `$url` | +| Response value | `$response.body#/status` | In operations which return payloads, references may be made to portions of the response body or the entire body. | +| Response header | `$response.header.Server` | Single header values only are available | Runtime expressions preserve the type of the referenced value. Expressions can be embedded into string values by surrounding the expression with `{}` curly braces. @@ -2502,11 +2501,11 @@ Expressions can be embedded into string values by surrounding the expression wit Describes a single header for [HTTP responses](#responseHeaders) and for [individual parts in `multipart` representations](#encodingHeaders); see the relevant [Response Object](#responseObject) and [Encoding Object](#encodingObject) documentation for restrictions on which headers can be described. -The Header Object follows the structure of the [Parameter Object](#parameterObject), including determining its serialization strategy based on whether `schema` or `content` is present, with the following changes: +The Header Object follows the structure of the [Parameter Object](#parameterObject), including determining its serialization strategy based on whether `schema` or `content` is present, with the following changes: 1. `name` MUST NOT be specified, it is given in the corresponding `headers` map. 1. `in` MUST NOT be specified, it is implicitly in `header`. -1. All traits that are affected by the location MUST be applicable to a location of `header` (for example, [`style`](#parameterStyle)). This means that `allowEmptyValue` and `allowReserved` MUST NOT be used, and `style`, if used, MUST be limited to `simple`. +1. All traits that are affected by the location MUST be applicable to a location of `header` (for example, [`style`](#parameterStyle)). This means that `allowEmptyValue` and `allowReserved` MUST NOT be used, and `style`, if used, MUST be limited to `simple`. ##### Fixed Fields @@ -2514,11 +2513,11 @@ The Header Object follows the structure of the [Parameter Object](#parameterObje These fields MAY be used with either `content` or `schema`. -Field Name | Type | Description ----|:---:|--- -description | `string` | A brief description of the header. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. -required | `boolean` | Determines whether this header is mandatory. The default value is `false`. - deprecated | `boolean` | Specifies that the header is deprecated and SHOULD be transitioned out of usage. Default value is `false`. +| Field Name | Type | Description | +| ------------------------------------------- | :-------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| description | `string` | A brief description of the header. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| required | `boolean` | Determines whether this header is mandatory. The default value is `false`. | +| deprecated | `boolean` | Specifies that the header is deprecated and SHOULD be transitioned out of usage. Default value is `false`. | This object MAY be extended with [Specification Extensions](#specificationExtensions). @@ -2532,13 +2531,13 @@ Serializing with `schema` is NOT RECOMMENDED for headers with parameters (name=v When `example` or `examples` are provided in conjunction with the `schema` object, the example SHOULD match the specified schema and follow the prescribed serialization strategy for the header. The `example` and `examples` fields are mutually exclusive, and if either is present it SHALL _override_ any `example` in the schema. -Field Name | Type | Description ----|:---:|--- -style | `string` | Describes how the header value will be serialized. The default (and only legal value for headers) is `simple`. -explode | `boolean` | When this is true, header values of type `array` or `object` generate a single header whose value is a comma-separated list of the array items or key-value pairs of the map, see [Style Examples](#style-examples). For other data types this property has no effect. The default value is `false`. -schema | [Schema Object](#schemaObject) \| [Reference Object](#referenceObject) | The schema defining the type used for the header. -example | Any | Example of the header's potential value; see [Working With Examples](#working-with-examples). -examples | Map[ `string`, [Example Object](#exampleObject) \| [Reference Object](#referenceObject)] | Examples of the header's potential value; see [Working With Examples](#working-with-examples). +| Field Name | Type | Description | +| ------------------------------------- | :--------------------------------------------------------------------------------------: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| style | `string` | Describes how the header value will be serialized. The default (and only legal value for headers) is `simple`. | +| explode | `boolean` | When this is true, header values of type `array` or `object` generate a single header whose value is a comma-separated list of the array items or key-value pairs of the map, see [Style Examples](#style-examples). For other data types this property has no effect. The default value is `false`. | +| schema | [Schema Object](#schemaObject) \| [Reference Object](#referenceObject) | The schema defining the type used for the header. | +| example | Any | Example of the header's potential value; see [Working With Examples](#working-with-examples). | +| examples | Map[ `string`, [Example Object](#exampleObject) \| [Reference Object](#referenceObject)] | Examples of the header's potential value; see [Working With Examples](#working-with-examples). | See also [Appendix C: Using RFC6570 Implementations](#usingRFC6570Implementations) for additional guidance. @@ -2547,9 +2546,9 @@ See also [Appendix C: Using RFC6570 Implementations](#usingRFC6570Implementation For more complex scenarios, the [`content`](#headerContent) property can define the media type and schema of the header, as well as give examples of its use. Using `content` with a `text/plain` media type is RECOMMENDED for headers where the `schema` strategy is not appropriate. -Field Name | Type | Description ----|:---:|--- -content | Map[`string`, [Media Type Object](#mediaTypeObject)] | A map containing the representations for the header. The key is the media type and the value describes it. The map MUST only contain one entry. +| Field Name | Type | Description | +| ----------------------------------- | :--------------------------------------------------: | ----------------------------------------------------------------------------------------------------------------------------------------------- | +| content | Map[`string`, [Media Type Object](#mediaTypeObject)] | A map containing the representations for the header. The key is the media type and the value describes it. The map MUST only contain one entry. | ##### Header Object Example @@ -2571,7 +2570,7 @@ X-Rate-Limit-Limit: type: integer ``` -Requiring that a strong `ETag` header (with a value starting with `"` rather than `W/`) is present. Note the use of `content`, because using `schema` and `style` would require the `"` to be percent-encoded as `%22`: +Requiring that a strong `ETag` header (with a value starting with `"` rather than `W/`) is present. Note the use of `content`, because using `schema` and `style` would require the `"` to be percent-encoded as `%22`: ```json "ETag": { @@ -2594,7 +2593,7 @@ ETag: text/plain: schema: type: string - pattern: ^" + pattern: ^" ``` #### Tag Object @@ -2603,11 +2602,12 @@ Adds metadata to a single tag that is used by the [Operation Object](#operationO It is not mandatory to have a Tag Object per tag defined in the Operation Object instances. ##### Fixed Fields -Field Name | Type | Description ----|:---:|--- -name | `string` | **REQUIRED**. The name of the tag. -description | `string` | A description for the tag. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. -externalDocs | [External Documentation Object](#externalDocumentationObject) | Additional external documentation for this tag. + +| Field Name | Type | Description | +| ------------------------------------------ | :-----------------------------------------------------------: | ---------------------------------------------------------------------------------------------------------------------- | +| name | `string` | **REQUIRED**. The name of the tag. | +| description | `string` | A description for the tag. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| externalDocs | [External Documentation Object](#externalDocumentationObject) | Additional external documentation for this tag. | This object MAY be extended with [Specification Extensions](#specificationExtensions). @@ -2625,19 +2625,19 @@ name: pet description: Pets operations ``` - #### Reference Object A simple object to allow referencing other components in the OpenAPI document, internally and externally. -The Reference Object is defined by [JSON Reference](https://tools.ietf.org/html/draft-pbryan-zyp-json-ref-03) and follows the same structure, behavior and rules. +The Reference Object is defined by [JSON Reference](https://tools.ietf.org/html/draft-pbryan-zyp-json-ref-03) and follows the same structure, behavior and rules. For this specification, reference resolution is accomplished as defined by the JSON Reference specification and not by the JSON Schema specification. ##### Fixed Fields -Field Name | Type | Description ----|:---:|--- -$ref | `string` | **REQUIRED**. The reference string. + +| Field Name | Type | Description | +| ------------------------------- | :------: | ----------------------------------- | +| $ref | `string` | **REQUIRED**. The reference string. | This object cannot be extended with additional properties and any properties added SHALL be ignored. @@ -2654,6 +2654,7 @@ $ref: '#/components/schemas/Pet' ``` ##### Relative Schema Document Example + ```json { "$ref": "Pet.json" @@ -2665,6 +2666,7 @@ $ref: Pet.yaml ``` ##### Relative Documents With Embedded Schema Example + ```json { "$ref": "definitions.json#/Pet" @@ -2684,7 +2686,7 @@ This object is an extended subset of the [JSON Schema Specification Wright Draft For more information about the properties, see [JSON Schema Core](https://tools.ietf.org/html/draft-wright-json-schema-00) and [JSON Schema Validation](https://tools.ietf.org/html/draft-wright-json-schema-validation-00). Unless stated otherwise, the property definitions follow those of JSON Schema and do not add any additional semantics. -##### Properties +##### Properties The following properties are taken directly from the JSON Schema definition and follow the same specifications: @@ -2705,7 +2707,8 @@ The following properties are taken directly from the JSON Schema definition and - required - enum -The following properties are taken from the JSON Schema definition but their definitions were adjusted to the OpenAPI Specification. +The following properties are taken from the JSON Schema definition but their definitions were adjusted to the OpenAPI Specification. + - type - Value MUST be a string. Multiple types via an array are not supported. - allOf - Inline or referenced schema MUST be of a [Schema Object](#schemaObject) and not a standard JSON Schema. - oneOf - Inline or referenced schema MUST be of a [Schema Object](#schemaObject) and not a standard JSON Schema. @@ -2725,29 +2728,31 @@ Additional properties defined by the JSON Schema specification that are not ment Other than the JSON Schema subset fields, the following fields MAY be used for further schema documentation: ##### Fixed Fields -Field Name | Type | Description ----|:---:|--- -nullable | `boolean` | A `true` value adds `"null"` to the allowed type specified by the `type` keyword, only if `type` is explicitly defined within the same Schema Object. Other Schema Object constraints retain their defined behavior, and therefore may disallow the use of `null` as a value. A `false` value leaves the specified or default `type` unmodified. The default value is `false`. -discriminator | [Discriminator Object](#discriminatorObject) | Adds support for polymorphism. The discriminator is used to determine which of a set of schemas a payload is expected to satisfy. See [Composition and Inheritance](#schemaComposition) for more details. -readOnly | `boolean` | Relevant only for Schema `"properties"` definitions. Declares the property as "read only". This means that it MAY be sent as part of a response but SHOULD NOT be sent as part of the request. If the property is marked as `readOnly` being `true` and is in the `required` list, the `required` will take effect on the response only. A property MUST NOT be marked as both `readOnly` and `writeOnly` being `true`. Default value is `false`. -writeOnly | `boolean` | Relevant only for Schema `"properties"` definitions. Declares the property as "write only". Therefore, it MAY be sent as part of a request but SHOULD NOT be sent as part of the response. If the property is marked as `writeOnly` being `true` and is in the `required` list, the `required` will take effect on the request only. A property MUST NOT be marked as both `readOnly` and `writeOnly` being `true`. Default value is `false`. -xml | [XML Object](#xmlObject) | This MAY be used only on properties schemas. It has no effect on root schemas. Adds additional metadata to describe the XML representation of this property. -externalDocs | [External Documentation Object](#externalDocumentationObject) | Additional external documentation for this schema. -example | Any | A free-form property to include an example of an instance for this schema. To represent examples that cannot be naturally represented in JSON or YAML, a string value can be used to contain the example with escaping where necessary. - deprecated | `boolean` | Specifies that a schema is deprecated and SHOULD be transitioned out of usage. Default value is `false`. + +| Field Name | Type | Description | +| ----------------------------------------------- | :-----------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| nullable | `boolean` | A `true` value adds `"null"` to the allowed type specified by the `type` keyword, only if `type` is explicitly defined within the same Schema Object. Other Schema Object constraints retain their defined behavior, and therefore may disallow the use of `null` as a value. A `false` value leaves the specified or default `type` unmodified. The default value is `false`. | +| discriminator | [Discriminator Object](#discriminatorObject) | Adds support for polymorphism. The discriminator is used to determine which of a set of schemas a payload is expected to satisfy. See [Composition and Inheritance](#schemaComposition) for more details. | +| readOnly | `boolean` | Relevant only for Schema `"properties"` definitions. Declares the property as "read only". This means that it MAY be sent as part of a response but SHOULD NOT be sent as part of the request. If the property is marked as `readOnly` being `true` and is in the `required` list, the `required` will take effect on the response only. A property MUST NOT be marked as both `readOnly` and `writeOnly` being `true`. Default value is `false`. | +| writeOnly | `boolean` | Relevant only for Schema `"properties"` definitions. Declares the property as "write only". Therefore, it MAY be sent as part of a request but SHOULD NOT be sent as part of the response. If the property is marked as `writeOnly` being `true` and is in the `required` list, the `required` will take effect on the request only. A property MUST NOT be marked as both `readOnly` and `writeOnly` being `true`. Default value is `false`. | +| xml | [XML Object](#xmlObject) | This MAY be used only on properties schemas. It has no effect on root schemas. Adds additional metadata to describe the XML representation of this property. | +| externalDocs | [External Documentation Object](#externalDocumentationObject) | Additional external documentation for this schema. | +| example | Any | A free-form property to include an example of an instance for this schema. To represent examples that cannot be naturally represented in JSON or YAML, a string value can be used to contain the example with escaping where necessary. | +| deprecated | `boolean` | Specifies that a schema is deprecated and SHOULD be transitioned out of usage. Default value is `false`. | This object MAY be extended with [Specification Extensions](#specificationExtensions). ###### Composition and Inheritance (Polymorphism) The OpenAPI Specification allows combining and extending model definitions using the `allOf` property of JSON Schema, in effect offering model composition. -`allOf` takes an array of object definitions that are validated *independently* but together compose a single object. +`allOf` takes an array of object definitions that are validated _independently_ but together compose a single object. While composition offers model extensibility, it does not imply a hierarchy between the models. To support polymorphism, the OpenAPI Specification adds the [`discriminator`](#schemaDiscriminator) field. When used, the `discriminator` indicates the name of the property that hints which schema definition is expected to validate the structure of the model. As such, the `discriminator` field MUST be a required field. There are two ways to define the value of a discriminator for an inheriting instance. + - Use the schema name. - [Override the schema name](#discriminatorMapping) by overriding the property with a new value. If a new value exists, this takes precedence over the schema name. @@ -2777,9 +2782,7 @@ format: email ```json { "type": "object", - "required": [ - "name" - ], + "required": ["name"], "properties": { "name": { "type": "string" @@ -2799,7 +2802,7 @@ format: email ```yaml type: object required: -- name + - name properties: name: type: string @@ -2861,9 +2864,7 @@ additionalProperties: "type": "string" } }, - "required": [ - "name" - ], + "required": ["name"], "example": { "name": "Puma", "id": 1 @@ -2880,7 +2881,7 @@ properties: name: type: string required: -- name + - name example: name: Puma id: 1 @@ -2894,10 +2895,7 @@ example: "schemas": { "ErrorModel": { "type": "object", - "required": [ - "message", - "code" - ], + "required": ["message", "code"], "properties": { "message": { "type": "string" @@ -2916,9 +2914,7 @@ example: }, { "type": "object", - "required": [ - "rootCause" - ], + "required": ["rootCause"], "properties": { "rootCause": { "type": "string" @@ -2938,8 +2934,8 @@ components: ErrorModel: type: object required: - - message - - code + - message + - code properties: message: type: string @@ -2949,13 +2945,13 @@ components: maximum: 600 ExtendedErrorModel: allOf: - - $ref: '#/components/schemas/ErrorModel' - - type: object - required: - - rootCause - properties: - rootCause: - type: string + - $ref: '#/components/schemas/ErrorModel' + - type: object + required: + - rootCause + properties: + rootCause: + type: string ``` ###### Models with Polymorphism Support @@ -2977,10 +2973,7 @@ components: "type": "string" } }, - "required": [ - "name", - "petType" - ] + "required": ["name", "petType"] }, "Cat": { "description": "A representation of a cat. Note that `Cat` will be used as the discriminating value.", @@ -2995,17 +2988,10 @@ components: "type": "string", "description": "The measured skill for hunting", "default": "lazy", - "enum": [ - "clueless", - "lazy", - "adventurous", - "aggressive" - ] + "enum": ["clueless", "lazy", "adventurous", "aggressive"] } }, - "required": [ - "huntingSkill" - ] + "required": ["huntingSkill"] } ] }, @@ -3026,9 +3012,7 @@ components: "minimum": 0 } }, - "required": [ - "packSize" - ] + "required": ["packSize"] } ] } @@ -3050,38 +3034,38 @@ components: petType: type: string required: - - name - - petType - Cat: # "Cat" will be used as the discriminating value + - name + - petType + Cat: # "Cat" will be used as the discriminating value description: A representation of a cat allOf: - - $ref: '#/components/schemas/Pet' - - type: object - properties: - huntingSkill: - type: string - description: The measured skill for hunting - enum: - - clueless - - lazy - - adventurous - - aggressive - required: - - huntingSkill - Dog: # "Dog" will be used as the discriminating value + - $ref: '#/components/schemas/Pet' + - type: object + properties: + huntingSkill: + type: string + description: The measured skill for hunting + enum: + - clueless + - lazy + - adventurous + - aggressive + required: + - huntingSkill + Dog: # "Dog" will be used as the discriminating value description: A representation of a dog allOf: - - $ref: '#/components/schemas/Pet' - - type: object - properties: - packSize: - type: integer - format: int32 - description: the size of the pack the dog is from - default: 0 - minimum: 0 - required: - - packSize + - $ref: '#/components/schemas/Pet' + - type: object + properties: + packSize: + type: integer + format: int32 + description: the size of the pack the dog is from + default: 0 + minimum: 0 + required: + - packSize ``` #### Discriminator Object @@ -3093,12 +3077,14 @@ The Discriminator Object does this by implicitly or explicitly associating the p Note that `discriminator` MUST NOT change the validation outcome of the schema. ##### Fixed Fields -Field Name | Type | Description ----|:---:|--- -propertyName | `string` | **REQUIRED**. The name of the property in the payload that will hold the discriminating value. This property SHOULD be required in the payload schema, as the behavior when the property is absent is undefined. - mapping | Map[`string`, `string`] | An object to hold mappings between payload values and schema names or URI references. + +| Field Name | Type | Description | +| ------------------------------------------- | :---------------------: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| propertyName | `string` | **REQUIRED**. The name of the property in the payload that will hold the discriminating value. This property SHOULD be required in the payload schema, as the behavior when the property is absent is undefined. | +| mapping | Map[`string`, `string`] | An object to hold mappings between payload values and schema names or URI references. | ##### Conditions for Using the Discriminator Object + The Discriminator Object is legal only when using one of the composite keywords `oneOf`, `anyOf`, `allOf`. In both the `oneOf` and `anyOf` use cases, where those keywords are adjacent to `discriminator`, all possible schemas MUST be listed explicitly. @@ -3113,6 +3099,7 @@ This is because `discriminator` cannot change the validation outcome, and no sta The behavior of any configuration of `oneOf`, `anyOf`, `allOf` and `discriminator` that is not described above is undefined. ##### Options for Mapping Values to Schemas + The value of the property named in `propertyName` is used as the name of the associated schema under the [Components Object](#componentsObject), _unless_ a `mapping` is present for that value. The `mapping` entry maps a specific property value to either a different schema component name, or to a schema identified by a URI. When using implicit or explicit schema component names, inline `oneOf` or `anyOf` subschemas are not considered. @@ -3131,9 +3118,9 @@ In OAS 3.0, a response payload MAY be described to be exactly one of any number ```yaml MyResponseType: oneOf: - - $ref: '#/components/schemas/Cat' - - $ref: '#/components/schemas/Dog' - - $ref: '#/components/schemas/Lizard' + - $ref: '#/components/schemas/Cat' + - $ref: '#/components/schemas/Dog' + - $ref: '#/components/schemas/Lizard' ``` which means the payload _MUST_, by validation, match exactly one of the schemas described by `Cat`, `Dog`, or `Lizard`. Deserialization of a `oneOf` can be a costly operation, as it requires determining which schema matches the payload and thus should be used in deserialization. This problem also exists for `anyOf` schemas. A `discriminator` MAY be used as a "hint" to improve the efficiency of selection of the matching schema. The `discriminator` field cannot change the validation result of the `oneOf`, it can only help make the deserialization more efficient and provide better error messaging. We can specify the exact field that tells us which schema is expected to match the instance: @@ -3141,14 +3128,14 @@ which means the payload _MUST_, by validation, match exactly one of the schemas ```yaml MyResponseType: oneOf: - - $ref: '#/components/schemas/Cat' - - $ref: '#/components/schemas/Dog' - - $ref: '#/components/schemas/Lizard' + - $ref: '#/components/schemas/Cat' + - $ref: '#/components/schemas/Dog' + - $ref: '#/components/schemas/Lizard' discriminator: propertyName: petType ``` -The expectation now is that a property with name `petType` _MUST_ be present in the response payload, and the value will correspond to the name of a schema defined in the OpenAPI description. Thus the response payload: +The expectation now is that a property with name `petType` _MUST_ be present in the response payload, and the value will correspond to the name of a schema defined in the OpenAPI description. Thus the response payload: ```json { @@ -3164,10 +3151,10 @@ In scenarios where the value of the discriminator field does not match the schem ```yaml MyResponseType: oneOf: - - $ref: '#/components/schemas/Cat' - - $ref: '#/components/schemas/Dog' - - $ref: '#/components/schemas/Lizard' - - $ref: https://gigantic-server.com/schemas/Monster/schema.json + - $ref: '#/components/schemas/Cat' + - $ref: '#/components/schemas/Dog' + - $ref: '#/components/schemas/Lizard' + - $ref: https://gigantic-server.com/schemas/Monster/schema.json discriminator: propertyName: petType mapping: @@ -3175,7 +3162,7 @@ MyResponseType: monster: https://gigantic-server.com/schemas/Monster/schema.json ``` -Here the discriminating value of `dog` will map to the schema `#/components/schemas/Dog`, rather than the default (implicit) value of `#/components/schemas/dog`. If the discriminating value does not match an implicit or explicit mapping, no schema can be determined and validation SHOULD fail. +Here the discriminating value of `dog` will map to the schema `#/components/schemas/Dog`, rather than the default (implicit) value of `#/components/schemas/dog`. If the discriminating value does not match an implicit or explicit mapping, no schema can be determined and validation SHOULD fail. When used in conjunction with the `anyOf` construct, the use of the discriminator can avoid ambiguity for serializers/deserializers where multiple schemas may satisfy a single payload. @@ -3187,7 +3174,7 @@ components: Pet: type: object required: - - petType + - petType properties: petType: type: string @@ -3197,28 +3184,28 @@ components: dog: Dog Cat: allOf: - - $ref: '#/components/schemas/Pet' - - type: object - # all other properties specific to a `Cat` - properties: - name: - type: string + - $ref: '#/components/schemas/Pet' + - type: object + # all other properties specific to a `Cat` + properties: + name: + type: string Dog: allOf: - - $ref: '#/components/schemas/Pet' - - type: object - # all other properties specific to a `Dog` - properties: - bark: - type: string + - $ref: '#/components/schemas/Pet' + - type: object + # all other properties specific to a `Dog` + properties: + bark: + type: string Lizard: allOf: - - $ref: '#/components/schemas/Pet' - - type: object - # all other properties specific to a `Lizard` - properties: - lovesRocks: - type: boolean + - $ref: '#/components/schemas/Pet' + - type: object + # all other properties specific to a `Lizard` + properties: + lovesRocks: + type: boolean ``` Validated against the `Pet` schema, a payload like this: @@ -3230,7 +3217,7 @@ Validated against the `Pet` schema, a payload like this: } ``` -will indicate that the `#/components/schemas/Cat` schema is expected to match. Likewise this payload: +will indicate that the `#/components/schemas/Cat` schema is expected to match. Likewise this payload: ```json { @@ -3241,30 +3228,30 @@ will indicate that the `#/components/schemas/Cat` schema is expected to match. will map to `#/components/schemas/Dog` because the `dog` entry in the `mapping` element maps to `Dog` which is the schema name for `#/components/schemas/Dog`. - #### XML Object A metadata object that allows for more fine-tuned XML model definitions. -When using arrays, XML element names are *not* inferred (for singular/plural forms) and the `name` property SHOULD be used to add that information. +When using arrays, XML element names are _not_ inferred (for singular/plural forms) and the `name` property SHOULD be used to add that information. See examples for expected behavior. ##### Fixed Fields -Field Name | Type | Description ----|:---:|--- -name | `string` | Replaces the name of the element/attribute used for the described schema property. When defined within `items`, it will affect the name of the individual XML elements within the list. When defined alongside `type` being `array` (outside the `items`), it will affect the wrapping element and only if `wrapped` is `true`. If `wrapped` is `false`, it will be ignored. -namespace | `string` | The URI of the namespace definition. Value MUST be in the form of a non-relative URI. -prefix | `string` | The prefix to be used for the [name](#xmlName). -attribute | `boolean` | Declares whether the property definition translates to an attribute instead of an element. Default value is `false`. -wrapped | `boolean` | MAY be used only for an array definition. Signifies whether the array is wrapped (for example, ``) or unwrapped (``). Default value is `false`. The definition takes effect only when defined alongside `type` being `array` (outside the `items`). + +| Field Name | Type | Description | +| ------------------------------------ | :-------: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| name | `string` | Replaces the name of the element/attribute used for the described schema property. When defined within `items`, it will affect the name of the individual XML elements within the list. When defined alongside `type` being `array` (outside the `items`), it will affect the wrapping element and only if `wrapped` is `true`. If `wrapped` is `false`, it will be ignored. | +| namespace | `string` | The URI of the namespace definition. Value MUST be in the form of a non-relative URI. | +| prefix | `string` | The prefix to be used for the [name](#xmlName). | +| attribute | `boolean` | Declares whether the property definition translates to an attribute instead of an element. Default value is `false`. | +| wrapped | `boolean` | MAY be used only for an array definition. Signifies whether the array is wrapped (for example, ``) or unwrapped (``). Default value is `false`. The definition takes effect only when defined alongside `type` being `array` (outside the `items`). | This object MAY be extended with [Specification Extensions](#specificationExtensions). The `namespace` field is intended to match the syntax of [XML namespaces](https://www.w3.org/TR/xml-names11/), although there are a few caveats: -* Version 3.0.3 and earlier of this specification erroneously used the term "absolute URI" instead of "non-relative URI", so authors using namespaces that include a fragment should check tooling support carefully. -* XML allows but discourages relative URI-references, while this specification outright forbids them. -* XML 1.1 allows IRIs ([RFC3987](https://datatracker.ietf.org/doc/html/rfc3987)) as namespaces, and specifies that namespaces are compared without any encoding or decoding, which means that IRIs encoded to meet this specification's URI syntax requirement cannot be compared to IRIs as-is. +- Version 3.0.3 and earlier of this specification erroneously used the term "absolute URI" instead of "non-relative URI", so authors using namespaces that include a fragment should check tooling support carefully. +- XML allows but discourages relative URI-references, while this specification outright forbids them. +- XML 1.1 allows IRIs ([RFC3987](https://datatracker.ietf.org/doc/html/rfc3987)) as namespaces, and specifies that namespaces are compared without any encoding or decoding, which means that IRIs encoded to meet this specification's URI syntax requirement cannot be compared to IRIs as-is. ##### XML Object Examples @@ -3342,7 +3329,6 @@ animals: ... ``` - ###### XML Attribute, Prefix and Namespace In this example, a full model definition is shown. @@ -3610,16 +3596,17 @@ Supported schemes are HTTP authentication, an API key (either as a header, a coo Please note that as of 2020, the implicit flow is about to be deprecated by [OAuth 2.0 Security Best Current Practice](https://tools.ietf.org/html/draft-ietf-oauth-security-topics). Recommended for most use cases is Authorization Code Grant flow with PKCE. ##### Fixed Fields -Field Name | Type | Applies To | Description ----|:---:|---|--- -type | `string` | Any | **REQUIRED**. The type of the security scheme. Valid values are `"apiKey"`, `"http"`, `"oauth2"`, `"openIdConnect"`. -description | `string` | Any | A description for security scheme. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. -name | `string` | `apiKey` | **REQUIRED**. The name of the header, query or cookie parameter to be used. -in | `string` | `apiKey` | **REQUIRED**. The location of the API key. Valid values are `"query"`, `"header"` or `"cookie"`. -scheme | `string` | `http` | **REQUIRED**. The name of the HTTP Authentication scheme to be used in the [Authorization header as defined in RFC7235](https://tools.ietf.org/html/rfc7235#section-5.1). The values used SHOULD be registered in the [IANA Authentication Scheme registry](https://www.iana.org/assignments/http-authschemes/http-authschemes.xhtml). The value is case-insensitive, as defined in [RFC7235](https://datatracker.ietf.org/doc/html/rfc7235#section-2.1). -bearerFormat | `string` | `http` (`"bearer"`) | A hint to the client to identify how the bearer token is formatted. Bearer tokens are usually generated by an authorization server, so this information is primarily for documentation purposes. -flows | [OAuth Flows Object](#oauthFlowsObject) | `oauth2` | **REQUIRED**. An object containing configuration information for the flow types supported. -openIdConnectUrl | `string` | `openIdConnect` | **REQUIRED**. [Well-known URL](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig) to discover the [[OpenID-Connect-Discovery]] [provider metadata](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata). + +| Field Name | Type | Applies To | Description | +| ------------------------------------------------------------- | :-------------------------------------: | ------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| type | `string` | Any | **REQUIRED**. The type of the security scheme. Valid values are `"apiKey"`, `"http"`, `"oauth2"`, `"openIdConnect"`. | +| description | `string` | Any | A description for security scheme. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| name | `string` | `apiKey` | **REQUIRED**. The name of the header, query or cookie parameter to be used. | +| in | `string` | `apiKey` | **REQUIRED**. The location of the API key. Valid values are `"query"`, `"header"` or `"cookie"`. | +| scheme | `string` | `http` | **REQUIRED**. The name of the HTTP Authentication scheme to be used in the [Authorization header as defined in RFC7235](https://tools.ietf.org/html/rfc7235#section-5.1). The values used SHOULD be registered in the [IANA Authentication Scheme registry](https://www.iana.org/assignments/http-authschemes/http-authschemes.xhtml). The value is case-insensitive, as defined in [RFC7235](https://datatracker.ietf.org/doc/html/rfc7235#section-2.1). | +| bearerFormat | `string` | `http` (`"bearer"`) | A hint to the client to identify how the bearer token is formatted. Bearer tokens are usually generated by an authorization server, so this information is primarily for documentation purposes. | +| flows | [OAuth Flows Object](#oauthFlowsObject) | `oauth2` | **REQUIRED**. An object containing configuration information for the flow types supported. | +| openIdConnectUrl | `string` | `openIdConnect` | **REQUIRED**. [Well-known URL](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig) to discover the [[OpenID-Connect-Discovery]] [provider metadata](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata). | This object MAY be extended with [Specification Extensions](#specificationExtensions). @@ -3703,12 +3690,13 @@ flows: Allows configuration of the supported OAuth Flows. ##### Fixed Fields -Field Name | Type | Description ----|:---:|--- -implicit| [OAuth Flow Object](#oauthFlowObject) | Configuration for the OAuth Implicit flow -password| [OAuth Flow Object](#oauthFlowObject) | Configuration for the OAuth Resource Owner Password flow -clientCredentials| [OAuth Flow Object](#oauthFlowObject) | Configuration for the OAuth Client Credentials flow. Previously called `application` in OpenAPI 2.0. -authorizationCode| [OAuth Flow Object](#oauthFlowObject) | Configuration for the OAuth Authorization Code flow. Previously called `accessCode` in OpenAPI 2.0. + +| Field Name | Type | Description | +| ----------------------------------------------------------- | :-----------------------------------: | ---------------------------------------------------------------------------------------------------- | +| implicit | [OAuth Flow Object](#oauthFlowObject) | Configuration for the OAuth Implicit flow | +| password | [OAuth Flow Object](#oauthFlowObject) | Configuration for the OAuth Resource Owner Password flow | +| clientCredentials | [OAuth Flow Object](#oauthFlowObject) | Configuration for the OAuth Client Credentials flow. Previously called `application` in OpenAPI 2.0. | +| authorizationCode | [OAuth Flow Object](#oauthFlowObject) | Configuration for the OAuth Authorization Code flow. Previously called `accessCode` in OpenAPI 2.0. | This object MAY be extended with [Specification Extensions](#specificationExtensions). @@ -3717,12 +3705,13 @@ This object MAY be extended with [Specification Extensions](#specificationExtens Configuration details for a supported OAuth Flow ##### Fixed Fields -Field Name | Type | Applies To | Description ----|:---:|---|--- -authorizationUrl | `string` | `oauth2` (`"implicit"`, `"authorizationCode"`) | **REQUIRED**. The authorization URL to be used for this flow. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. -tokenUrl | `string` | `oauth2` (`"password"`, `"clientCredentials"`, `"authorizationCode"`) | **REQUIRED**. The token URL to be used for this flow. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. -refreshUrl | `string` | `oauth2` | The URL to be used for obtaining refresh tokens. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. -scopes | Map[`string`, `string`] | `oauth2` | **REQUIRED**. The available scopes for the OAuth2 security scheme. A map between the scope name and a short description for it. The map MAY be empty. + +| Field Name | Type | Applies To | Description | +| -------------------------------------------------------- | :---------------------: | --------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------- | +| authorizationUrl | `string` | `oauth2` (`"implicit"`, `"authorizationCode"`) | **REQUIRED**. The authorization URL to be used for this flow. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. | +| tokenUrl | `string` | `oauth2` (`"password"`, `"clientCredentials"`, `"authorizationCode"`) | **REQUIRED**. The token URL to be used for this flow. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. | +| refreshUrl | `string` | `oauth2` | The URL to be used for obtaining refresh tokens. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. | +| scopes | Map[`string`, `string`] | `oauth2` | **REQUIRED**. The available scopes for the OAuth2 security scheme. A map between the scope name and a short description for it. The map MAY be empty. | This object MAY be extended with [Specification Extensions](#specificationExtensions). @@ -3779,9 +3768,9 @@ When a list of Security Requirement Objects is defined on the [OpenAPI Object](# ##### Patterned Fields -Field Pattern | Type | Description ----|:---:|--- -{name} | [`string`] | Each name MUST correspond to a security scheme which is declared in the [Security Schemes](#componentsSecuritySchemes) under the [Components Object](#componentsObject). If the security scheme is of type `"oauth2"` or `"openIdConnect"`, then the value is a list of scope names required for the execution, and the list MAY be empty if authorization does not require a specified scope. For other security scheme types, the array MUST be empty. +| Field Pattern | Type | Description | +| --------------------------------------------- | :--------: | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| {name} | [`string`] | Each name MUST correspond to a security scheme which is declared in the [Security Schemes](#componentsSecuritySchemes) under the [Components Object](#componentsObject). If the security scheme is of type `"oauth2"` or `"openIdConnect"`, then the value is a list of scope names required for the execution, and the list MAY be empty if authorization does not require a specified scope. For other security scheme types, the array MUST be empty. | ##### Security Requirement Object Examples @@ -3801,17 +3790,14 @@ api_key: [] ```json { - "petstore_auth": [ - "write:pets", - "read:pets" - ] + "petstore_auth": ["write:pets", "read:pets"] } ``` ```yaml petstore_auth: -- write:pets -- read:pets + - write:pets + - read:pets ``` ###### Optional OAuth2 Security @@ -3823,10 +3809,7 @@ Optional OAuth2 security as would be defined in an Ope "security": [ {}, { - "petstore_auth": [ - "write:pets", - "read:pets" - ] + "petstore_auth": ["write:pets", "read:pets"] } ] } @@ -3836,8 +3819,8 @@ Optional OAuth2 security as would be defined in an Ope security: - {} - petstore_auth: - - write:pets - - read:pets + - write:pets + - read:pets ``` ###### Security Requirement in a Referenced Document @@ -3884,7 +3867,7 @@ components: bearerFormat: JWT paths: /foo: - $ref: "other#/components/pathItems/Foo" + $ref: 'other#/components/pathItems/Foo' ``` Next, we have our referenced document, `other`. The fact that we don't use file extensions gives the client the flexibility to choose an acceptable format on a resource-by-resource basis, assuming both representations are available: @@ -3931,7 +3914,7 @@ components: Foo: get: security: - - MySecurity: [] + - MySecurity: [] ``` In the `other` document, the referenced path item has a Security Requirement for a Security Scheme, `MySecurity`. The same Security Scheme exists in the original entry document. As outlined in [Resolving Implicit Connections](#resolvingImplicitConnections), `MySecurity` is resolved with an [implementation-defined behavior](#undefinedAndImplementationDefinedBehavior). However, documented in that section, it is RECOMMENDED that tools resolve component names from the [entry document](#documentStructure). As with all implementation-defined behavior, it is important to check tool documentation to determine which behavior is supported. @@ -3942,9 +3925,9 @@ While the OpenAPI Specification tries to accommodate most use cases, additional The extensions properties are implemented as patterned fields that are always prefixed by `"x-"`. -Field Pattern | Type | Description ----|:---:|--- -^x- | Any | Allows extensions to the OpenAPI Schema. The field name MUST begin with `x-`, for example, `x-internal-id`. The value can be any valid JSON value (`null`, a primitive, an array or an object.) +| Field Pattern | Type | Description | +| -------------------------------- | :--: | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| ^x- | Any | Allows extensions to the OpenAPI Schema. The field name MUST begin with `x-`, for example, `x-internal-id`. The value can be any valid JSON value (`null`, a primitive, an array or an object.) | The OpenAPI Initiative maintains several [[OpenAPI-Registry|extension registries]], including registries for [individual extension keywords](https://spec.openapis.org/registry/extension/) and [extension keyword namespaces](https://spec.openapis.org/registry/namespace/). @@ -3955,7 +3938,7 @@ Support for any one extension is OPTIONAL, and support for one extension does no ### Security Filtering -Some objects in the OpenAPI Specification MAY be declared and remain empty, or be completely removed, even though they are inherently the core of the API documentation. +Some objects in the OpenAPI Specification MAY be declared and remain empty, or be completely removed, even though they are inherently the core of the API documentation. The reasoning is to allow an additional layer of access control over the documentation. While not part of the specification itself, certain libraries MAY choose to allow access to parts of the documentation based on some form of authentication/authorization. @@ -3970,6 +3953,7 @@ Two examples of this: ### OpenAPI Document Formats OpenAPI description documents use JSON, YAML, and JSON Schema, and therefore share their security considerations: + - [JSON](https://www.iana.org/assignments/media-types/application/json) - [YAML](https://www.iana.org/assignments/media-types/application/yaml) - [JSON Schema Core](https://tools.ietf.org/html/draft-wright-json-schema-00#section-10) @@ -3993,21 +3977,21 @@ Certain properties allow the use of Markdown which can contain HTML including sc ## Appendix A: Revision History -Version | Date | Notes ---- | --- | --- -3.0.4 | TBD | Patch release of the OpenAPI Specification 3.0.4 -3.0.3 | 2020-02-20 | Patch release of the OpenAPI Specification 3.0.3 -3.0.2 | 2018-10-08 | Patch release of the OpenAPI Specification 3.0.2 -3.0.1 | 2017-12-06 | Patch release of the OpenAPI Specification 3.0.1 -3.0.0 | 2017-07-26 | Release of the OpenAPI Specification 3.0.0 -3.0.0-rc2 | 2017-06-16 | rc2 of the 3.0 specification -3.0.0-rc1 | 2017-04-27 | rc1 of the 3.0 specification -3.0.0-rc0 | 2017-02-28 | Implementer's Draft of the 3.0 specification -2.0 | 2015-12-31 | Donation of Swagger 2.0 to the OpenAPI Initiative -2.0 | 2014-09-08 | Release of Swagger 2.0 -1.2 | 2014-03-14 | Initial release of the formal document. -1.1 | 2012-08-22 | Release of Swagger 1.1 -1.0 | 2011-08-10 | First release of the Swagger Specification +| Version | Date | Notes | +| --------- | ---------- | ------------------------------------------------- | +| 3.0.4 | TBD | Patch release of the OpenAPI Specification 3.0.4 | +| 3.0.3 | 2020-02-20 | Patch release of the OpenAPI Specification 3.0.3 | +| 3.0.2 | 2018-10-08 | Patch release of the OpenAPI Specification 3.0.2 | +| 3.0.1 | 2017-12-06 | Patch release of the OpenAPI Specification 3.0.1 | +| 3.0.0 | 2017-07-26 | Release of the OpenAPI Specification 3.0.0 | +| 3.0.0-rc2 | 2017-06-16 | rc2 of the 3.0 specification | +| 3.0.0-rc1 | 2017-04-27 | rc1 of the 3.0 specification | +| 3.0.0-rc0 | 2017-02-28 | Implementer's Draft of the 3.0 specification | +| 2.0 | 2015-12-31 | Donation of Swagger 2.0 to the OpenAPI Initiative | +| 2.0 | 2014-09-08 | Release of Swagger 2.0 | +| 1.2 | 2014-03-14 | Initial release of the formal document. | +| 1.1 | 2012-08-22 | Release of Swagger 1.1 | +| 1.0 | 2011-08-10 | First release of the Swagger Specification | ## Appendix B: Data Type Conversion @@ -4022,11 +4006,11 @@ However, there is no general-purpose specification for converting schema-validat Two cases do offer standards-based guidance: -* [RFC3987](https://datatracker.ietf.org/doc/html/rfc3987#section-3.1) provides guidance for converting non-Unicode strings to UTF-8, particularly in the context of URIs (and by extension, the form media types which use the same encoding rules) -* [RFC6570](https://www.rfc-editor.org/rfc/rfc6570#section-2.3) specifies which values, including but not limited to `null`, are considered _undefined_ and therefore treated specially in the expansion process when serializing based on that specification +- [RFC3987](https://datatracker.ietf.org/doc/html/rfc3987#section-3.1) provides guidance for converting non-Unicode strings to UTF-8, particularly in the context of URIs (and by extension, the form media types which use the same encoding rules) +- [RFC6570](https://www.rfc-editor.org/rfc/rfc6570#section-2.3) specifies which values, including but not limited to `null`, are considered _undefined_ and therefore treated specially in the expansion process when serializing based on that specification Implementations of RFC6570 often have their own conventions for converting non-string values, but these are implementation-specific and not defined by the RFC itself. -This is one reason for the OpenAPI Specification to leave these conversions as implementation-defined: It allows using RFC6570 implementations regardless of how they choose to perform the conversions. +This is one reason for the OpenAPI Specification to leave these conversions as implementation-defined: It allows using RFC6570 implementations regardless of how they choose to perform the conversions. To control the serialization of numbers, booleans, and `null` (or other values RFC6570 deems to be undefined) more precisely, schemas can be defined as `type: string` and constrained using `pattern`, `enum`, `format`, and other keywords to communicate how applications must pre-convert their data prior to schema validation. The resulting strings would not require any further type conversion. @@ -4041,10 +4025,10 @@ Requiring input as pre-formatted, schema-validated strings also improves round-t Serialization is defined in terms of RFC6570 URI Templates in two scenarios: -Object | Condition ------- | --------- -[Parameter Object](#parameterObject) | When `schema` is present -[Encoding Object](#encodingObject) | When encoding for `application/x-www-form-urlencoded` and any of `style`, `explode`, or `allowReserved` are used +| Object | Condition | +| ------------------------------------ | ---------------------------------------------------------------------------------------------------------------- | +| [Parameter Object](#parameterObject) | When `schema` is present | +| [Encoding Object](#encodingObject) | When encoding for `application/x-www-form-urlencoded` and any of `style`, `explode`, or `allowReserved` are used | Implementations of this specification MAY use an implementation of RFC6570 to perform variable expansion, however, some caveats apply. @@ -4057,16 +4041,16 @@ Using an implementation with a lower level of support will require additional ma Certain field values translate to RFC6570 operators (or lack thereof): -field | value | equivalent ------ | ----- | ---------- -style | simple | _n/a_ -style | matrix | `;` prefix operator -style | label | `.` prefix operator -style | form | `?` prefix operator -allowReserved | `false` | _n/a_ -allowReserved | `true` | `+` prefix operator -explode | `false` | _n/a_ -explode | `true` | `*` modifier suffix +| field | value | equivalent | +| ------------- | ------- | ------------------- | +| style | simple | _n/a_ | +| style | matrix | `;` prefix operator | +| style | label | `.` prefix operator | +| style | form | `?` prefix operator | +| allowReserved | `false` | _n/a_ | +| allowReserved | `true` | `+` prefix operator | +| explode | `false` | _n/a_ | +| explode | `true` | `*` modifier suffix | Multiple `style: form` parameters are equivalent to a single RFC6570 [variable list](https://www.rfc-editor.org/rfc/rfc6570#section-2.2) using the `?` prefix operator: @@ -4083,10 +4067,10 @@ parameters: type: string ``` -This example is equivalent to RFC6570's `{?foo*,bar}`, and ***NOT*** `{?foo*}{&bar}`, which is problematic because if `foo` is not defined, the result will be an invalid URI. +This example is equivalent to RFC6570's `{?foo*,bar}`, and **_NOT_** `{?foo*}{&bar}`, which is problematic because if `foo` is not defined, the result will be an invalid URI. The `&` prefix operator has no equivalent in the Parameter Object. -Note that RFC6570 does not specify behavior for compound values beyond the single level addressed by `explode`. The results of using objects or arrays where no behavior is clearly specified for them is implementation-defined. +Note that RFC6570 does not specify behavior for compound values beyond the single level addressed by `explode`. The results of using objects or arrays where no behavior is clearly specified for them is implementation-defined. ### Non-RFC6570 Field Values and Combinations @@ -4094,9 +4078,10 @@ Configurations with no direct RFC6570 equivalent SHOULD also be handled accordin Implementations MAY create a properly delimited URI Template with variables for individual names and values using RFC6570 regular or reserved expansion (based on `allowReserved`). This includes: - * the styles `pipeDelimited`, `spaceDelimited`, and `deepObject`, which have no equivalents at all - * the combination of the style `form` with `allowReserved: true`, which is not allowed because only one prefix operator can be used at a time - * any parameter name that is not a legal RFC6570 variable name + +- the styles `pipeDelimited`, `spaceDelimited`, and `deepObject`, which have no equivalents at all +- the combination of the style `form` with `allowReserved: true`, which is not allowed because only one prefix operator can be used at a time +- any parameter name that is not a legal RFC6570 variable name The Parameter Object's `name` field has a much more permissive syntax than [RFC6570 variable name syntax](https://www.rfc-editor.org/rfc/rfc6570#section-2.3). A parameter name that includes characters outside of the allowed RFC6570 variable character set MUST be percent-encoded before it can be used in a URI Template. @@ -4207,6 +4192,7 @@ Expanding our manually assembled template with our restructured data yields the ```urlencoded ?a=x%2By&b=x/y&c=x%5Ey&words=math%20is%20fun ``` + The `/` and the pre-percent-encoded `%2B` have been left alone, but the disallowed `^` character (inside a value) and space characters (in the template but outside of the expanded variables) were percent-encoded. #### Undefined Values and Manual URI Template Construction @@ -4222,7 +4208,6 @@ words: Using this data with our original RFC6570-friendly URI Template, `{?formulas*,words}`, produces the following: - ```urlencoded ?words=hello,world ``` @@ -4249,6 +4234,7 @@ Result: ``` #### Illegal Variable Names as Parameter Names + In this example, the heart emoji is not legal in URI Template names (or URIs): ```YAML @@ -4304,9 +4290,9 @@ _**NOTE:** In this section, the `application/x-www-form-urlencoded` and `multipa Percent-encoding is used in URIs and media types that derive their syntax from URIs. This process is concerned with three sets of characters, the names of which vary among specifications but are defined as follows for the purposes of this section: -* _unreserved_ characters do not need to be percent-encoded; while it is safe to percent-encode them, doing so produces a URI that is [not normalized](https://datatracker.ietf.org/doc/html/rfc3986#section-6.2.2.2) -* _reserved_ characters either have special behavior in the URI syntax (such as delimiting components) or are reserved for other specifications that need to define special behavior (e.g. `form-urlencoded` defines special behavior for `=`, `&`, and `+`) -* _unsafe_ characters are known to cause problems when parsing URIs in certain environments +- _unreserved_ characters do not need to be percent-encoded; while it is safe to percent-encode them, doing so produces a URI that is [not normalized](https://datatracker.ietf.org/doc/html/rfc3986#section-6.2.2.2) +- _reserved_ characters either have special behavior in the URI syntax (such as delimiting components) or are reserved for other specifications that need to define special behavior (e.g. `form-urlencoded` defines special behavior for `=`, `&`, and `+`) +- _unsafe_ characters are known to cause problems when parsing URIs in certain environments Unless otherwise specified, this section uses RFC3986's definition of [reserved](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2) and [unreserved](https://datatracker.ietf.org/doc/html/rfc3986#section-2.3), and defines the unsafe set as all characters not included in either of those sets. @@ -4335,11 +4321,11 @@ Unfortunately, these specifications each define slightly different percent-encod This specification normatively cites the following relevant standards: -Specification | Date | OAS Usage | Percent-Encoding | Notes -------------- | ---- | --------- | ----- | ----- -[[RFC3986]] | 01/2005 | URI/URL syntax | [[RFC3986]] | obsoletes [[RFC1738]], [[RFC2396]] -[[RFC6570]] | 03/2012 | style-based serialization | [[RFC3986]] | does not use `+` for form‑urlencoded -[RFC1866](https://datatracker.ietf.org/doc/html/rfc1866#section-8.2.1) | 11/1995 | content-based serialization | [[RFC1738]] | obsoleted by [[HTML401]] [Section 17.13.4.1](https://www.w3.org/TR/html401/interact/forms.html#h-17.13.4.1), [[URL]] [Section 5](https://url.spec.whatwg.org/#urlencoded-serializing) +| Specification | Date | OAS Usage | Percent-Encoding | Notes | +| ---------------------------------------------------------------------- | ------- | --------------------------- | ---------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| [[RFC3986]] | 01/2005 | URI/URL syntax | [[RFC3986]] | obsoletes [[RFC1738]], [[RFC2396]] | +| [[RFC6570]] | 03/2012 | style-based serialization | [[RFC3986]] | does not use `+` for form‑urlencoded | +| [RFC1866](https://datatracker.ietf.org/doc/html/rfc1866#section-8.2.1) | 11/1995 | content-based serialization | [[RFC1738]] | obsoleted by [[HTML401]] [Section 17.13.4.1](https://www.w3.org/TR/html401/interact/forms.html#h-17.13.4.1), [[URL]] [Section 5](https://url.spec.whatwg.org/#urlencoded-serializing) | Style-based serialization is used in the [Parameter Object](#parameterObject) when `schema` is present, and in the [Encoding Object](#encodingObject) when at least one of `style`, `explode`, or `allowReserved` is present. See [Appendix C](#usingRFC6570Implementations) for more details of RFC6570's two different approaches to percent-encoding, including an example involving `+`. From d899954ae9dba2a7f556c1e0710a7bb3a56f11fc Mon Sep 17 00:00:00 2001 From: Lorna Mitchell Date: Thu, 1 Aug 2024 19:31:30 +0100 Subject: [PATCH 166/251] Run markdownlint with fix for layout and formatting --- versions/3.0.4.md | 234 +++++++++++++++++++++++----------------------- 1 file changed, 117 insertions(+), 117 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 4cfe7066a3..5d4b032201 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -20,52 +20,52 @@ For extension registries and other specifications published by the OpenAPI Initi -- [Definitions](#definitions) - - [OpenAPI Description](#oasDocument) - - [Path Templating](#pathTemplating) - - [Media Types](#mediaTypes) - - [HTTP Status Codes](#httpCodes) -- [Specification](#specification) - - [Versions](#versions) - - [Format](#format) - - [OpenAPI Description Structure](#documentStructure) - - [Data Types](#dataTypes) - - [Rich Text Formatting](#richText) - - [Relative References In URLs](#relativeReferences) - - [Schema](#schema) - - [OpenAPI Object](#oasObject) - - [Info Object](#infoObject) - - [Contact Object](#contactObject) - - [License Object](#licenseObject) - - [Server Object](#serverObject) - - [Server Variable Object](#serverVariableObject) - - [Components Object](#componentsObject) - - [Paths Object](#pathsObject) - - [Path Item Object](#pathItemObject) - - [Operation Object](#operationObject) - - [External Documentation Object](#externalDocumentationObject) - - [Parameter Object](#parameterObject) - - [Request Body Object](#requestBodyObject) - - [Media Type Object](#mediaTypeObject) - - [Encoding Object](#encodingObject) - - [Responses Object](#responsesObject) - - [Response Object](#responseObject) - - [Callback Object](#callbackObject) - - [Example Object](#exampleObject) - - [Link Object](#linkObject) - - [Header Object](#headerObject) - - [Tag Object](#tagObject) - - [Reference Object](#referenceObject) - - [Schema Object](#schemaObject) - - [Discriminator Object](#discriminatorObject) - - [XML Object](#xmlObject) - - [Security Scheme Object](#securitySchemeObject) - - [OAuth Flows Object](#oauthFlowsObject) - - [OAuth Flow Object](#oauthFlowObject) - - [Security Requirement Object](#securityRequirementObject) - - [Specification Extensions](#specificationExtensions) - - [Security Filtering](#securityFiltering) -- [Appendix A: Revision History](#revisionHistory) +* [Definitions](#definitions) + * [OpenAPI Description](#oasDocument) + * [Path Templating](#pathTemplating) + * [Media Types](#mediaTypes) + * [HTTP Status Codes](#httpCodes) +* [Specification](#specification) + * [Versions](#versions) + * [Format](#format) + * [OpenAPI Description Structure](#documentStructure) + * [Data Types](#dataTypes) + * [Rich Text Formatting](#richText) + * [Relative References In URLs](#relativeReferences) + * [Schema](#schema) + * [OpenAPI Object](#oasObject) + * [Info Object](#infoObject) + * [Contact Object](#contactObject) + * [License Object](#licenseObject) + * [Server Object](#serverObject) + * [Server Variable Object](#serverVariableObject) + * [Components Object](#componentsObject) + * [Paths Object](#pathsObject) + * [Path Item Object](#pathItemObject) + * [Operation Object](#operationObject) + * [External Documentation Object](#externalDocumentationObject) + * [Parameter Object](#parameterObject) + * [Request Body Object](#requestBodyObject) + * [Media Type Object](#mediaTypeObject) + * [Encoding Object](#encodingObject) + * [Responses Object](#responsesObject) + * [Response Object](#responseObject) + * [Callback Object](#callbackObject) + * [Example Object](#exampleObject) + * [Link Object](#linkObject) + * [Header Object](#headerObject) + * [Tag Object](#tagObject) + * [Reference Object](#referenceObject) + * [Schema Object](#schemaObject) + * [Discriminator Object](#discriminatorObject) + * [XML Object](#xmlObject) + * [Security Scheme Object](#securitySchemeObject) + * [OAuth Flows Object](#oauthFlowsObject) + * [OAuth Flow Object](#oauthFlowObject) + * [Security Requirement Object](#securityRequirementObject) + * [Specification Extensions](#specificationExtensions) + * [Security Filtering](#securityFiltering) +* [Appendix A: Revision History](#revisionHistory) @@ -161,8 +161,8 @@ Patterned fields MUST have unique names within the containing object. In order to preserve the ability to round-trip between YAML and JSON formats, YAML version [1.2](https://yaml.org/spec/1.2/spec.html) is RECOMMENDED along with some additional constraints: -- Tags MUST be limited to those allowed by [YAML's JSON schema ruleset](https://yaml.org/spec/1.2/spec.html#id2803231), which defines a subset of the YAML syntax and is unrelated to [[JSON-Schema-05|JSON Schema]]. -- Keys used in YAML maps MUST be limited to a scalar string, as defined by the [YAML Failsafe schema ruleset](https://yaml.org/spec/1.2/spec.html#id2802346). +* Tags MUST be limited to those allowed by [YAML's JSON schema ruleset](https://yaml.org/spec/1.2/spec.html#id2803231), which defines a subset of the YAML syntax and is unrelated to [[JSON-Schema-05|JSON Schema]]. +* Keys used in YAML maps MUST be limited to a scalar string, as defined by the [YAML Failsafe schema ruleset](https://yaml.org/spec/1.2/spec.html#id2802346). **Note:** While APIs may be described by OpenAPI documents in either YAML or JSON format, the API request and response bodies and other content are not required to be JSON or YAML. @@ -179,9 +179,9 @@ It is RECOMMENDED that the entry OpenAPI document be named: `openapi.json` or `o When parsing an OAD, JSON or YAML objects are parsed into specific Objects (such as [Operation Objects](#operationObject), [Response Objects](#responseObject), [Reference Objects](#referenceObject), etc.) based on the parsing context. Depending on how references are arranged, a given JSON or YAML object can be parsed in multiple different contexts: -- As a complete OpenAPI Description document -- As the Object type implied by its parent Object within the document -- As a reference target, with the Object type matching the reference source's context +* As a complete OpenAPI Description document +* As the Object type implied by its parent Object within the document +* As a reference target, with the Object type matching the reference source's context If the same JSON/YAML object is parsed multiple times and the respective contexts require it to be parsed as _different_ Object types, the resulting behavior is _implementation defined_, and MAY be treated as an error if detected. An example would be referencing an empty Schema Object under `#/components/schemas` where a Path Item Object is expected, as an empty object is valid for both types. For maximum interoperability, it is RECOMMENDED that OpenAPI Description authors avoid such scenarios. @@ -256,8 +256,8 @@ The formats defined by the OAS are: Two formats, `binary` and `byte`, describe different ways to work with binary data: -- `binary` is used where unencoded binary data is allowed, such as when sending a binary payload as an HTTP message body, or as part of a `multipart/*` payload that allows binary parts -- `byte` is used where binary data is embedded in a text-only format such as `application/json` or `application/x-www-form-urlencoded` +* `binary` is used where unencoded binary data is allowed, such as when sending a binary payload as an HTTP message body, or as part of a `multipart/*` payload that allows binary parts +* `byte` is used where binary data is embedded in a text-only format such as `application/json` or `application/x-www-form-urlencoded` The `maxLength` keyword MAY be used to set an expected upper bound on the length of a streaming payload. The keyword can be applied to either string data, including encoded binary data, or to unencoded binary data. For unencoded binary, the length is the number of octets. @@ -1099,10 +1099,10 @@ See [Appendix E](#percentEncodingAndFormMediaTypes) for a detailed examination o There are four possible parameter locations specified by the `in` field: -- path - Used together with [Path Templating](#pathTemplating), where the parameter value is actually part of the operation's URL. This does not include the host or base path of the API. For example, in `/items/{itemId}`, the path parameter is `itemId`. -- query - Parameters that are appended to the URL. For example, in `/items?id=###`, the query parameter is `id`. -- header - Custom headers that are expected as part of the request. Note that [RFC7230](https://tools.ietf.org/html/rfc7230#section-3.2) states header names are case insensitive. -- cookie - Used to pass a specific cookie value to the API. +* path - Used together with [Path Templating](#pathTemplating), where the parameter value is actually part of the operation's URL. This does not include the host or base path of the API. For example, in `/items/{itemId}`, the path parameter is `itemId`. +* query - Parameters that are appended to the URL. For example, in `/items?id=###`, the query parameter is `id`. +* header - Custom headers that are expected as part of the request. Note that [RFC7230](https://tools.ietf.org/html/rfc7230#section-3.2) states header names are case insensitive. +* cookie - Used to pass a specific cookie value to the API. ##### Fixed Fields @@ -1183,12 +1183,12 @@ Assume a parameter named `color` has one of the following values: The following table shows examples, as would be shown with the `example` or `examples` keywords, of the different serializations for each value. -- The value _empty_ denotes the empty string, and is unrelated to the `allowEmptyValue` field -- The behavior of combinations marked _n/a_ is undefined -- The `undefined` replaces the `empty` column in previous versions of this specification in order to better align with [RFC6570](https://www.rfc-editor.org/rfc/rfc6570.html#section-2.3) terminology, which describes certain values including but not limited to `null` as "undefined" values with special handling; notably, the empty string is _not_ undefined -- For `form` and the non-RFC6570 query string styles `spaceDelimited`, `pipeDelimited`, and `deepObject`, each example is shown prefixed with `?` as if it were the only query parameter; see [Appendix C](#usingRFC6570Implementations) for more information on constructing query strings from multiple parameters, and [Appendix D](#serializingHeadersAndCookies) for warnings regarding `form` and cookie parameters -- Note that the `?` prefix is not appropriate for serializing `application/x-www-form-urlencoded` HTTP message bodies, and MUST be stripped or (if constructing the string manually) not added when used in that context; see the [Encoding Object](#encodingObject) for more information -- The examples are percent-encoded as required by RFC6570 and RFC3986; see [Appendix E](#percentEncodingAndFormMediaTypes) for a thorough discussion of percent-encoding concerns, including why unencoded `|` (`%7C`), `[` (`%5B`), and `]` (`%5D`) seem to work in some environments despite not being compliant. +* The value _empty_ denotes the empty string, and is unrelated to the `allowEmptyValue` field +* The behavior of combinations marked _n/a_ is undefined +* The `undefined` replaces the `empty` column in previous versions of this specification in order to better align with [RFC6570](https://www.rfc-editor.org/rfc/rfc6570.html#section-2.3) terminology, which describes certain values including but not limited to `null` as "undefined" values with special handling; notably, the empty string is _not_ undefined +* For `form` and the non-RFC6570 query string styles `spaceDelimited`, `pipeDelimited`, and `deepObject`, each example is shown prefixed with `?` as if it were the only query parameter; see [Appendix C](#usingRFC6570Implementations) for more information on constructing query strings from multiple parameters, and [Appendix D](#serializingHeadersAndCookies) for warnings regarding `form` and cookie parameters +* Note that the `?` prefix is not appropriate for serializing `application/x-www-form-urlencoded` HTTP message bodies, and MUST be stripped or (if constructing the string manually) not added when used in that context; see the [Encoding Object](#encodingObject) for more information +* The examples are percent-encoded as required by RFC6570 and RFC3986; see [Appendix E](#percentEncodingAndFormMediaTypes) for a thorough discussion of percent-encoding concerns, including why unencoded `|` (`%7C`), `[` (`%5B`), and `]` (`%5D`) seem to work in some environments despite not being compliant. | [`style`](#styleValues) | `explode` | `empty` | `string` | `array` | `object` | | ----------------------- | --------- | ------------------------------------------------- | ----------------------------------------------------- | ----------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------- | @@ -1640,13 +1640,13 @@ See also [Appendix C: Using RFC6570 Implementations](#usingRFC6570Implementation The role of `contentType` with `application/x-www-form-urlencoded` request bodies was not described in detail in version 3.0.3 and earlier of this specification. To match the intent of these fields and be compatible with version 3.1 of this specification, it is RECOMMENDED that whenever any of `style`, `explode`, or `allowReserved` are present with an explicit value: -- The value of `contentType`, whether it is explicitly defined or has the default value, is to be ignored -- If any of `style`, `explode`, or `allowReserved` are _not_ present with explicit values, then they are to be treated as if they were present with their default values +* The value of `contentType`, whether it is explicitly defined or has the default value, is to be ignored +* If any of `style`, `explode`, or `allowReserved` are _not_ present with explicit values, then they are to be treated as if they were present with their default values However, if all three of `style`, `explode`, and `allowReserved` fields are absent, it is RECOMMENDED that: -- All three keywords are to be entirely ignored, rather than treated as having their default values -- Encoding is to be based on `contentType` alone, whether it is present with an explicit value or absent and treated as having its default value +* All three keywords are to be entirely ignored, rather than treated as having their default values +* Encoding is to be based on `contentType` alone, whether it is present with an explicit value or absent and treated as having its default value Note that the presence of at least one of `style`, `explode`, or `allowReserved` with an explicit value is equivalent to using `schema` with `in: query` Parameter Objects. The absence of all three of those fields is the equivalent of using `content`, but with the media type specified in `contentType` rather than through a Media Type Object. @@ -2108,14 +2108,14 @@ The following examples show how the various expressions evaluate, assuming the c | Expression | Value | | ---------------------------- | :----------------------------------------------------------------------------------- | -| $url | https://example.org/subscribe/myevent?queryUrl=https://clientdomain.com/stillrunning | +| $url | | | $method | POST | | $request.path.eventType | myevent | -| $request.query.queryUrl | https://clientdomain.com/stillrunning | +| $request.query.queryUrl | | | $request.header.content-Type | application/json | -| $request.body#/failedUrl | https://clientdomain.com/failed | -| $request.body#/successUrls/1 | https://clientdomain.com/medium | -| $response.header.Location | https://example.org/subscription/1 | +| $request.body#/failedUrl | | +| $request.body#/successUrls/1 | | +| $response.header.Location | | ##### Callback Object Examples @@ -2690,36 +2690,36 @@ Unless stated otherwise, the property definitions follow those of JSON Schema an The following properties are taken directly from the JSON Schema definition and follow the same specifications: -- title -- multipleOf -- maximum -- exclusiveMaximum -- minimum -- exclusiveMinimum -- maxLength -- minLength -- pattern (This string SHOULD be a valid regular expression, according to the [Ecma-262 Edition 5.1 regular expression](https://www.ecma-international.org/ecma-262/5.1/#sec-15.10.1) dialect) -- maxItems -- minItems -- uniqueItems -- maxProperties -- minProperties -- required -- enum +* title +* multipleOf +* maximum +* exclusiveMaximum +* minimum +* exclusiveMinimum +* maxLength +* minLength +* pattern (This string SHOULD be a valid regular expression, according to the [Ecma-262 Edition 5.1 regular expression](https://www.ecma-international.org/ecma-262/5.1/#sec-15.10.1) dialect) +* maxItems +* minItems +* uniqueItems +* maxProperties +* minProperties +* required +* enum The following properties are taken from the JSON Schema definition but their definitions were adjusted to the OpenAPI Specification. -- type - Value MUST be a string. Multiple types via an array are not supported. -- allOf - Inline or referenced schema MUST be of a [Schema Object](#schemaObject) and not a standard JSON Schema. -- oneOf - Inline or referenced schema MUST be of a [Schema Object](#schemaObject) and not a standard JSON Schema. -- anyOf - Inline or referenced schema MUST be of a [Schema Object](#schemaObject) and not a standard JSON Schema. -- not - Inline or referenced schema MUST be of a [Schema Object](#schemaObject) and not a standard JSON Schema. -- items - Value MUST be an object and not an array. Inline or referenced schema MUST be of a [Schema Object](#schemaObject) and not a standard JSON Schema. `items` MUST be present if the `type` is `array`. -- properties - Property definitions MUST be a [Schema Object](#schemaObject) and not a standard JSON Schema (inline or referenced). -- additionalProperties - Value can be boolean or object. Inline or referenced schema MUST be of a [Schema Object](#schemaObject) and not a standard JSON Schema. Consistent with JSON Schema, `additionalProperties` defaults to `true`. -- description - [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. -- format - See [Data Type Formats](#dataTypeFormat) for further details. While relying on JSON Schema's defined formats, the OAS offers a few additional predefined formats. -- default - The default value represents what would be assumed by the consumer of the input as the value of the schema if one is not provided. Unlike JSON Schema, the value MUST conform to the defined type for the Schema Object defined at the same level. For example, if `type` is `string`, then `default` can be `"foo"` but cannot be `1`. +* type - Value MUST be a string. Multiple types via an array are not supported. +* allOf - Inline or referenced schema MUST be of a [Schema Object](#schemaObject) and not a standard JSON Schema. +* oneOf - Inline or referenced schema MUST be of a [Schema Object](#schemaObject) and not a standard JSON Schema. +* anyOf - Inline or referenced schema MUST be of a [Schema Object](#schemaObject) and not a standard JSON Schema. +* not - Inline or referenced schema MUST be of a [Schema Object](#schemaObject) and not a standard JSON Schema. +* items - Value MUST be an object and not an array. Inline or referenced schema MUST be of a [Schema Object](#schemaObject) and not a standard JSON Schema. `items` MUST be present if the `type` is `array`. +* properties - Property definitions MUST be a [Schema Object](#schemaObject) and not a standard JSON Schema (inline or referenced). +* additionalProperties - Value can be boolean or object. Inline or referenced schema MUST be of a [Schema Object](#schemaObject) and not a standard JSON Schema. Consistent with JSON Schema, `additionalProperties` defaults to `true`. +* description - [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. +* format - See [Data Type Formats](#dataTypeFormat) for further details. While relying on JSON Schema's defined formats, the OAS offers a few additional predefined formats. +* default - The default value represents what would be assumed by the consumer of the input as the value of the schema if one is not provided. Unlike JSON Schema, the value MUST conform to the defined type for the Schema Object defined at the same level. For example, if `type` is `string`, then `default` can be `"foo"` but cannot be `1`. Alternatively, any time a Schema Object can be used, a [Reference Object](#referenceObject) can be used in its place. This allows referencing definitions instead of defining them inline. @@ -2753,8 +2753,8 @@ When used, the `discriminator` indicates the name of the property that hints whi As such, the `discriminator` field MUST be a required field. There are two ways to define the value of a discriminator for an inheriting instance. -- Use the schema name. -- [Override the schema name](#discriminatorMapping) by overriding the property with a new value. If a new value exists, this takes precedence over the schema name. +* Use the schema name. +* [Override the schema name](#discriminatorMapping) by overriding the property with a new value. If a new value exists, this takes precedence over the schema name. ###### XML Modeling @@ -3249,9 +3249,9 @@ This object MAY be extended with [Specification Extensions](#specificationExtens The `namespace` field is intended to match the syntax of [XML namespaces](https://www.w3.org/TR/xml-names11/), although there are a few caveats: -- Version 3.0.3 and earlier of this specification erroneously used the term "absolute URI" instead of "non-relative URI", so authors using namespaces that include a fragment should check tooling support carefully. -- XML allows but discourages relative URI-references, while this specification outright forbids them. -- XML 1.1 allows IRIs ([RFC3987](https://datatracker.ietf.org/doc/html/rfc3987)) as namespaces, and specifies that namespaces are compared without any encoding or decoding, which means that IRIs encoded to meet this specification's URI syntax requirement cannot be compared to IRIs as-is. +* Version 3.0.3 and earlier of this specification erroneously used the term "absolute URI" instead of "non-relative URI", so authors using namespaces that include a fragment should check tooling support carefully. +* XML allows but discourages relative URI-references, while this specification outright forbids them. +* XML 1.1 allows IRIs ([RFC3987](https://datatracker.ietf.org/doc/html/rfc3987)) as namespaces, and specifies that namespaces are compared without any encoding or decoding, which means that IRIs encoded to meet this specification's URI syntax requirement cannot be compared to IRIs as-is. ##### XML Object Examples @@ -3954,10 +3954,10 @@ Two examples of this: OpenAPI description documents use JSON, YAML, and JSON Schema, and therefore share their security considerations: -- [JSON](https://www.iana.org/assignments/media-types/application/json) -- [YAML](https://www.iana.org/assignments/media-types/application/yaml) -- [JSON Schema Core](https://tools.ietf.org/html/draft-wright-json-schema-00#section-10) -- [JSON Schema Validation](https://tools.ietf.org/html/draft-wright-json-schema-validation-00#section-8) +* [JSON](https://www.iana.org/assignments/media-types/application/json) +* [YAML](https://www.iana.org/assignments/media-types/application/yaml) +* [JSON Schema Core](https://tools.ietf.org/html/draft-wright-json-schema-00#section-10) +* [JSON Schema Validation](https://tools.ietf.org/html/draft-wright-json-schema-validation-00#section-8) ### Tooling and Usage Scenarios @@ -4006,8 +4006,8 @@ However, there is no general-purpose specification for converting schema-validat Two cases do offer standards-based guidance: -- [RFC3987](https://datatracker.ietf.org/doc/html/rfc3987#section-3.1) provides guidance for converting non-Unicode strings to UTF-8, particularly in the context of URIs (and by extension, the form media types which use the same encoding rules) -- [RFC6570](https://www.rfc-editor.org/rfc/rfc6570#section-2.3) specifies which values, including but not limited to `null`, are considered _undefined_ and therefore treated specially in the expansion process when serializing based on that specification +* [RFC3987](https://datatracker.ietf.org/doc/html/rfc3987#section-3.1) provides guidance for converting non-Unicode strings to UTF-8, particularly in the context of URIs (and by extension, the form media types which use the same encoding rules) +* [RFC6570](https://www.rfc-editor.org/rfc/rfc6570#section-2.3) specifies which values, including but not limited to `null`, are considered _undefined_ and therefore treated specially in the expansion process when serializing based on that specification Implementations of RFC6570 often have their own conventions for converting non-string values, but these are implementation-specific and not defined by the RFC itself. This is one reason for the OpenAPI Specification to leave these conversions as implementation-defined: It allows using RFC6570 implementations regardless of how they choose to perform the conversions. @@ -4079,9 +4079,9 @@ Implementations MAY create a properly delimited URI Template with variables for This includes: -- the styles `pipeDelimited`, `spaceDelimited`, and `deepObject`, which have no equivalents at all -- the combination of the style `form` with `allowReserved: true`, which is not allowed because only one prefix operator can be used at a time -- any parameter name that is not a legal RFC6570 variable name +* the styles `pipeDelimited`, `spaceDelimited`, and `deepObject`, which have no equivalents at all +* the combination of the style `form` with `allowReserved: true`, which is not allowed because only one prefix operator can be used at a time +* any parameter name that is not a legal RFC6570 variable name The Parameter Object's `name` field has a much more permissive syntax than [RFC6570 variable name syntax](https://www.rfc-editor.org/rfc/rfc6570#section-2.3). A parameter name that includes characters outside of the allowed RFC6570 variable character set MUST be percent-encoded before it can be used in a URI Template. @@ -4281,7 +4281,7 @@ This style is specified to be equivalent to RFC6570 form expansion which include However, examples of this style in past versions of this specification have not included the `?` prefix, suggesting that the comparison is not exact. Because implementations that rely on an RFC6570 implementation and those that perform custom serialization based on the style example will produce different results, it is implementation-defined as to which of the two results is correct. -For multiple values, `style: form` is always incorrect as name=value pairs in cookies are delimited by `; ` (a semicolon followed by a space character) rather than `&`. +For multiple values, `style: form` is always incorrect as name=value pairs in cookies are delimited by `;` (a semicolon followed by a space character) rather than `&`. ## Appendix E: Percent-Encoding and Form Media Types @@ -4290,9 +4290,9 @@ _**NOTE:** In this section, the `application/x-www-form-urlencoded` and `multipa Percent-encoding is used in URIs and media types that derive their syntax from URIs. This process is concerned with three sets of characters, the names of which vary among specifications but are defined as follows for the purposes of this section: -- _unreserved_ characters do not need to be percent-encoded; while it is safe to percent-encode them, doing so produces a URI that is [not normalized](https://datatracker.ietf.org/doc/html/rfc3986#section-6.2.2.2) -- _reserved_ characters either have special behavior in the URI syntax (such as delimiting components) or are reserved for other specifications that need to define special behavior (e.g. `form-urlencoded` defines special behavior for `=`, `&`, and `+`) -- _unsafe_ characters are known to cause problems when parsing URIs in certain environments +* _unreserved_ characters do not need to be percent-encoded; while it is safe to percent-encode them, doing so produces a URI that is [not normalized](https://datatracker.ietf.org/doc/html/rfc3986#section-6.2.2.2) +* _reserved_ characters either have special behavior in the URI syntax (such as delimiting components) or are reserved for other specifications that need to define special behavior (e.g. `form-urlencoded` defines special behavior for `=`, `&`, and `+`) +* _unsafe_ characters are known to cause problems when parsing URIs in certain environments Unless otherwise specified, this section uses RFC3986's definition of [reserved](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2) and [unreserved](https://datatracker.ietf.org/doc/html/rfc3986#section-2.3), and defines the unsafe set as all characters not included in either of those sets. From 254abae29afbf9a0d5f0929f6777f6fa07bc91d2 Mon Sep 17 00:00:00 2001 From: Lorna Mitchell Date: Mon, 1 Jul 2024 20:56:29 +0100 Subject: [PATCH 167/251] Manually fix additional markdownlint problems - heading levels aren't continuous MD001 - code fences need a language MD040 - table has the wrong number of cells MD056 --- versions/3.0.4.md | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 5d4b032201..d757384d8c 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1,6 +1,6 @@ # OpenAPI Specification -#### Version 3.0.4 +## Version 3.0.4 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [BCP 14](https://tools.ietf.org/html/bcp14) [RFC2119](https://tools.ietf.org/html/rfc2119) [RFC8174](https://tools.ietf.org/html/rfc8174) when, and only when, they appear in all capitals, as shown here. @@ -71,30 +71,30 @@ For extension registries and other specifications published by the OpenAPI Initi ## Definitions -##### OpenAPI Description +### OpenAPI Description An OpenAPI Description (OAD) formally describes the surface of an API and its semantics. It is composed of an [entry document](#documentStructure) and any/all of its referenced documents. An OAD uses and conforms to the OpenAPI Specification. -##### Schema +### Schema A "schema" is a formal description of syntax and structure. This document serves as the [schema](#schema) for the OpenAPI Specification format; a non-authoritative JSON Schema based on this document is also provided on [spec.openapis.org](https://spec.openapis.org) for informational purposes. This specification also _uses_ schemas in the form of the [Schema Object](#schemaObject). -##### Path Templating +### Path Templating Path templating refers to the usage of template expressions, delimited by curly braces (`{}`), to mark a section of a URL path as replaceable using path parameters. Each template expression in the path MUST correspond to a path parameter that is included in the [Path Item](#path-item-object) itself and/or in each of the Path Item's [Operations](#operation-object). -##### Media Types +### Media Types Media type definitions are spread across several resources. The media type definitions SHOULD be in compliance with [RFC6838](https://tools.ietf.org/html/rfc6838). Some examples of possible media type definitions: -``` +```text text/plain; charset=utf-8 application/json application/vnd.github+json @@ -107,17 +107,17 @@ Some examples of possible media type definitions: application/vnd.github.v3.patch ``` -##### HTTP Status Codes +### HTTP Status Codes The HTTP Status Codes are used to indicate the status of the executed operation. Status codes SHOULD be selected from the available status codes registered in the [IANA Status Code Registry](https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml). -##### HTTP and Case Sensitivity +### HTTP and Case Sensitivity As most field names and values in the OpenAPI Specification are case-sensitive, this document endeavors to call out any case-insensitive names and values. However, the case sensitivity of field names and values that map directly to HTTP concepts follow the case sensitivity rules of HTTP, even if this document does not make a note of every concept. -##### Undefined and Implementation-Defined Behavior +### Undefined and Implementation-Defined Behavior This specification deems certain situations to have either _undefined_ or _implementation-defined_ behavior. @@ -562,7 +562,7 @@ All the fixed fields declared above are objects that MUST use keys that match th Field Name Examples: -``` +```text User User_1 User_Name @@ -761,21 +761,21 @@ This object MAY be extended with [Specification Extensions](#specificationExtens Assuming the following paths, the concrete definition, `/pets/mine`, will be matched first if used: -``` +```text /pets/{petId} /pets/mine ``` The following paths are considered identical and invalid: -``` +```text /pets/{petId} /pets/{name} ``` The following may lead to ambiguous resolution: -``` +```text /{entity}/me /books/{id} ``` @@ -1175,7 +1175,7 @@ See [Appendix E](#percentEncodingAndFormMediaTypes) for a discussion of percent- Assume a parameter named `color` has one of the following values: -``` +```text string -> "blue" array -> ["blue","black","brown"] object -> { "R": 100, "G": 200, "B": 150 } @@ -2487,10 +2487,10 @@ The table below provides examples of runtime expressions and examples of their u | Source Location | example expression | notes | | --------------------- | :------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------- | | HTTP Method | `$method` | The allowable values for the `$method` will be those for the HTTP operation. | -| Requested media type | `$request.header.accept` | +| Requested media type | `$request.header.accept` | | | Request parameter | `$request.path.id` | Request parameters MUST be declared in the `parameters` section of the parent operation or they cannot be evaluated. This includes request headers. | | Request body property | `$request.body#/user/uuid` | In operations which accept payloads, references may be made to portions of the `requestBody` or the entire body. | -| Request URL | `$url` | +| Request URL | `$url` || | Response value | `$response.body#/status` | In operations which return payloads, references may be made to portions of the response body or the entire body. | | Response header | `$response.header.Server` | Single header values only are available | From 42a261ab946c76fe1f49ceb3ed77e1a80a5646a0 Mon Sep 17 00:00:00 2001 From: Lorna Mitchell Date: Thu, 1 Aug 2024 19:33:57 +0100 Subject: [PATCH 168/251] Remove table of contents, new tools don't need it --- versions/3.0.4.md | 53 ----------------------------------------------- 1 file changed, 53 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index d757384d8c..1389eb9779 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -16,59 +16,6 @@ For examples of OpenAPI usage and additional documentation, please visit [[?Open For extension registries and other specifications published by the OpenAPI Initiative, as well as the authoritative rendering of this specification, please visit [spec.openapis.org](https://spec.openapis.org/). -## Table of Contents - - - -* [Definitions](#definitions) - * [OpenAPI Description](#oasDocument) - * [Path Templating](#pathTemplating) - * [Media Types](#mediaTypes) - * [HTTP Status Codes](#httpCodes) -* [Specification](#specification) - * [Versions](#versions) - * [Format](#format) - * [OpenAPI Description Structure](#documentStructure) - * [Data Types](#dataTypes) - * [Rich Text Formatting](#richText) - * [Relative References In URLs](#relativeReferences) - * [Schema](#schema) - * [OpenAPI Object](#oasObject) - * [Info Object](#infoObject) - * [Contact Object](#contactObject) - * [License Object](#licenseObject) - * [Server Object](#serverObject) - * [Server Variable Object](#serverVariableObject) - * [Components Object](#componentsObject) - * [Paths Object](#pathsObject) - * [Path Item Object](#pathItemObject) - * [Operation Object](#operationObject) - * [External Documentation Object](#externalDocumentationObject) - * [Parameter Object](#parameterObject) - * [Request Body Object](#requestBodyObject) - * [Media Type Object](#mediaTypeObject) - * [Encoding Object](#encodingObject) - * [Responses Object](#responsesObject) - * [Response Object](#responseObject) - * [Callback Object](#callbackObject) - * [Example Object](#exampleObject) - * [Link Object](#linkObject) - * [Header Object](#headerObject) - * [Tag Object](#tagObject) - * [Reference Object](#referenceObject) - * [Schema Object](#schemaObject) - * [Discriminator Object](#discriminatorObject) - * [XML Object](#xmlObject) - * [Security Scheme Object](#securitySchemeObject) - * [OAuth Flows Object](#oauthFlowsObject) - * [OAuth Flow Object](#oauthFlowObject) - * [Security Requirement Object](#securityRequirementObject) - * [Specification Extensions](#specificationExtensions) - * [Security Filtering](#securityFiltering) -* [Appendix A: Revision History](#revisionHistory) - - - ## Definitions ### OpenAPI Description From 531253e241f5361e98ac1fdd5743e0571cc7b07f Mon Sep 17 00:00:00 2001 From: Lorna Mitchell Date: Thu, 1 Aug 2024 19:42:59 +0100 Subject: [PATCH 169/251] Update anchors and internal links --- versions/3.0.4.md | 665 +++++++++++++++++++++++----------------------- 1 file changed, 333 insertions(+), 332 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 1389eb9779..37d932d04e 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -18,23 +18,23 @@ For extension registries and other specifications published by the OpenAPI Initi ## Definitions -### OpenAPI Description +### OpenAPI Description -An OpenAPI Description (OAD) formally describes the surface of an API and its semantics. It is composed of an [entry document](#documentStructure) and any/all of its referenced documents. An OAD uses and conforms to the OpenAPI Specification. +An OpenAPI Description (OAD) formally describes the surface of an API and its semantics. It is composed of an [entry document](#openapi-description-structure) and any/all of its referenced documents. An OAD uses and conforms to the OpenAPI Specification. -### Schema +### Schema A "schema" is a formal description of syntax and structure. This document serves as the [schema](#schema) for the OpenAPI Specification format; a non-authoritative JSON Schema based on this document is also provided on [spec.openapis.org](https://spec.openapis.org) for informational purposes. -This specification also _uses_ schemas in the form of the [Schema Object](#schemaObject). +This specification also _uses_ schemas in the form of the [Schema Object](#schema-object). -### Path Templating +### Path Templating Path templating refers to the usage of template expressions, delimited by curly braces (`{}`), to mark a section of a URL path as replaceable using path parameters. Each template expression in the path MUST correspond to a path parameter that is included in the [Path Item](#path-item-object) itself and/or in each of the Path Item's [Operations](#operation-object). -### Media Types +### Media Types Media type definitions are spread across several resources. The media type definitions SHOULD be in compliance with [RFC6838](https://tools.ietf.org/html/rfc6838). @@ -54,17 +54,17 @@ Some examples of possible media type definitions: application/vnd.github.v3.patch ``` -### HTTP Status Codes +### HTTP Status Codes The HTTP Status Codes are used to indicate the status of the executed operation. Status codes SHOULD be selected from the available status codes registered in the [IANA Status Code Registry](https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml). -### HTTP and Case Sensitivity +### HTTP and Case Sensitivity As most field names and values in the OpenAPI Specification are case-sensitive, this document endeavors to call out any case-insensitive names and values. However, the case sensitivity of field names and values that map directly to HTTP concepts follow the case sensitivity rules of HTTP, even if this document does not make a note of every concept. -### Undefined and Implementation-Defined Behavior +### Undefined and Implementation-Defined Behavior This specification deems certain situations to have either _undefined_ or _implementation-defined_ behavior. @@ -85,7 +85,7 @@ The OpenAPI Specification is versioned using a `major`.`minor`.`patch` versionin Occasionally, non-backwards compatible changes may be made in `minor` versions of the OAS where impact is believed to be low relative to the benefit provided. -An OpenAPI description document compatible with OAS 3.\*.\* contains a required [`openapi`](#oasVersion) field which designates the version of the OAS that it uses. +An OpenAPI description document compatible with OAS 3.\*.\* contains a required [`openapi`](#oas-version) field which designates the version of the OAS that it uses. ### Format @@ -113,18 +113,18 @@ In order to preserve the ability to round-trip between YAML and JSON formats, YA **Note:** While APIs may be described by OpenAPI documents in either YAML or JSON format, the API request and response bodies and other content are not required to be JSON or YAML. -### OpenAPI Description Structure +### OpenAPI Description Structure -An OpenAPI Description (OAD) MAY be made up of a single document or be divided into multiple, connected parts at the discretion of the author. In the latter case, [Reference Object](#referenceObject) and [Path Item Object](#pathItemObject) `$ref` keywords, as well as the [Link Object](#linkObject) `operationRef` keyword, are used. +An OpenAPI Description (OAD) MAY be made up of a single document or be divided into multiple, connected parts at the discretion of the author. In the latter case, [Reference Object](#reference-object) and [Path Item Object](#path-item-object) `$ref` keywords, as well as the [Link Object](#link-object) `operationRef` keyword, are used. Any document consisting entirely of an OpenAPI Object is known as a **complete OpenAPI document**. -In a multi-document description, the document containing the [OpenAPI Object](#oasObject) where parsing begins for a specific API's description is known as that API's **entry OpenAPI document**, or simply **entry document**. +In a multi-document description, the document containing the [OpenAPI Object](#openapi-object) where parsing begins for a specific API's description is known as that API's **entry OpenAPI document**, or simply **entry document**. It is RECOMMENDED that the entry OpenAPI document be named: `openapi.json` or `openapi.yaml`. -#### Structural Interoperability +#### Structural Interoperability -When parsing an OAD, JSON or YAML objects are parsed into specific Objects (such as [Operation Objects](#operationObject), [Response Objects](#responseObject), [Reference Objects](#referenceObject), etc.) based on the parsing context. Depending on how references are arranged, a given JSON or YAML object can be parsed in multiple different contexts: +When parsing an OAD, JSON or YAML objects are parsed into specific Objects (such as [Operation Objects](#operation-object), [Response Objects](#response-object), [Reference Objects](#reference-object), etc.) based on the parsing context. Depending on how references are arranged, a given JSON or YAML object can be parsed in multiple different contexts: * As a complete OpenAPI Description document * As the Object type implied by its parent Object within the document @@ -132,7 +132,7 @@ When parsing an OAD, JSON or YAML objects are parsed into specific Objects (such If the same JSON/YAML object is parsed multiple times and the respective contexts require it to be parsed as _different_ Object types, the resulting behavior is _implementation defined_, and MAY be treated as an error if detected. An example would be referencing an empty Schema Object under `#/components/schemas` where a Path Item Object is expected, as an empty object is valid for both types. For maximum interoperability, it is RECOMMENDED that OpenAPI Description authors avoid such scenarios. -#### Resolving Implicit Connections +#### Resolving Implicit Connections Several features of this specification require resolution of non-URI-based connections to some other part of the OpenAPI Description (OAD). @@ -141,12 +141,12 @@ In some cases, an unambiguous URI-based alternative is available, and OAD author | Source | Target | Alternative | | -------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | --------------------------------- | -| [Security Requirement Object](#securityRequirementObject) `{name}` | [Security Scheme Object](#securitySchemeObject) name under the [Components Object](#componentsObject) | _n/a_ | -| [Discriminator Object](#discriminatorObject) `mapping` _(implicit, or explicit name syntax)_ | [Schema Object](#schemaObject) name under the Components Object | `mapping` _(explicit URI syntax)_ | -| [Operation Object](#operationObject) `tags` | [Tag Object](#tagObject) `name` (in the Components Object) | _n/a_ | -| [Link Object](#linkObject) `operationId` | [Path Item Object](#pathItemObject) `operationId` | `operationRef` | +| [Security Requirement Object](#security-requirement-object) `{name}` | [Security Scheme Object](#security-scheme-object) name under the [Components Object](#components-object) | _n/a_ | +| [Discriminator Object](#discriminator-object) `mapping` _(implicit, or explicit name syntax)_ | [Schema Object](#schema-object) name under the Components Object | `mapping` _(explicit URI syntax)_ | +| [Operation Object](#operation-object) `tags` | [Tag Object](#tag-object) `name` (in the Components Object) | _n/a_ | +| [Link Object](#link-object) `operationId` | [Path Item Object](#path-item-object) `operationId` | `operationRef` | -A fifth implicit connection involves appending the templated URL paths of the [Paths Object](#pathsObject) to the appropriate [Server Object](#serverObject)'s `url` field. +A fifth implicit connection involves appending the templated URL paths of the [Paths Object](#paths-object) to the appropriate [Server Object](#server-object)'s `url` field. This is unambiguous because only the entry document's Paths Object contributes URLs to the described API. It is RECOMMENDED to consider all Operation Objects from all parsed documents when resolving any Link Object `operationId`. @@ -168,16 +168,16 @@ These limitations are expected to be addressed in a future release. See [Security Requirement in a Referenced Document](#security-requirement-in-a-referenced-document) for an example of the possible resolutions, including which one is recommended by this section. The behavior for Discrimator Object non-URI mappings and for the Operation Object's `tags` field operate on the same principles. -Note that no aspect of implicit connection resolution changes how [URLs are resolved](#relativeReferences), or restricts their possible targets. +Note that no aspect of implicit connection resolution changes how [URLs are resolved](#relative-references-in-urls), or restricts their possible targets. -### Data Types +### Data Types Data types in the OAS are based on the types supported by the [JSON Schema Specification Wright Draft 00](https://tools.ietf.org/html/draft-wright-json-schema-00#section-4.2). Note that `integer` as a type is also supported and is defined as a JSON number without a fraction or exponent part. -`null` is not supported as a type (see [`nullable`](#schemaNullable) for an alternative solution). -Models are defined using the [Schema Object](#schemaObject), which is an extended subset of JSON Schema Specification Wright Draft 00. +`null` is not supported as a type (see [`nullable`](#schema-nullable) for an alternative solution). +Models are defined using the [Schema Object](#schema-object), which is an extended subset of JSON Schema Specification Wright Draft 00. -Data types can have an optional modifier property: `format`. +Data types can have an optional modifier property: `format`. OAS uses several known formats to define in fine detail the data type being used. However, to support documentation needs, the `format` property is an open `string`-valued property, and can have any value. Formats such as `"email"`, `"uuid"`, and so on, MAY be used even though they are not defined by this specification. @@ -187,7 +187,7 @@ Types that are not accompanied by a `format` property follow the type definition The formats defined by the OAS are: -| [`type`](#dataTypes) | [`format`](#dataTypeFormat) | Comments | +| [`type`](#data-types) | [`format`](#data-type-format) | Comments | | -------------------- | --------------------------- | ----------------------------------------------------------------------------------------- | | `integer` | `int32` | signed 32 bits | | `integer` | `int64` | signed 64 bits (a.k.a long) | @@ -199,7 +199,7 @@ The formats defined by the OAS are: | `string` | `date-time` | As defined by `date-time` - [RFC3339](https://www.rfc-editor.org/rfc/rfc3339#section-5.6) | | `string` | `password` | A hint to obscure the value. | -#### Working With Binary Data +#### Working With Binary Data Two formats, `binary` and `byte`, describe different ways to work with binary data: @@ -210,7 +210,7 @@ The `maxLength` keyword MAY be used to set an expected upper bound on the length Note that the encoding indicated by `byte`, which inflates the size of data in order to represent it as 7-bit ASCII text, is unrelated to HTTP's `Content-Encoding` header, which indicates whether and how a message body has been compressed. -### Rich Text Formatting +### Rich Text Formatting Throughout the specification `description` fields are noted as supporting CommonMark markdown formatting. Where OpenAPI tooling renders rich text it MUST support, at a minimum, markdown syntax as described by [CommonMark 0.27](https://spec.commonmark.org/0.27/). Tooling MAY choose to ignore some CommonMark or extension features to address security concerns. @@ -218,12 +218,12 @@ Where OpenAPI tooling renders rich text it MUST support, at a minimum, markdown While the framing of CommonMark 0.27 as a minimum requirement means that tooling MAY choose to implement extensions on top of it, note that any such extensions are by definition implementation-defined and will not be interoperable. OpenAPI Description authors SHOULD consider how text using such extensions will be rendered by tools that offer only the minimum support. -### Relative References in URLs +### Relative References in URLs Unless specified otherwise, all properties that are URLs MAY be relative references as defined by [RFC3986](https://tools.ietf.org/html/rfc3986#section-4.2). -Relative references are resolved using the URLs defined in the [Server Object](#serverObject) as a Base URI. +Relative references are resolved using the URLs defined in the [Server Object](#server-object) as a Base URI. -Relative references used in `$ref` are processed as per [JSON Reference](https://tools.ietf.org/html/draft-pbryan-zyp-json-ref-03), using the URL of the current document as the base URI. See also the [Reference Object](#referenceObject). +Relative references used in `$ref` are processed as per [JSON Reference](https://tools.ietf.org/html/draft-pbryan-zyp-json-ref-03), using the URL of the current document as the base URI. See also the [Reference Object](#reference-object). Relative references in CommonMark hyperlinks are resolved in their rendered context, which might differ from the context of the API description. @@ -236,26 +236,26 @@ If the JSON Schema differs from this section, then this section MUST be consider In the following description, if a field is not explicitly **REQUIRED** or described with a MUST or SHALL, it can be considered OPTIONAL. -#### OpenAPI Object +#### OpenAPI Object -This is the root object of the [OpenAPI document](#oasDocument). +This is the root object of the [OpenAPI document](#openapi-description). ##### Fixed Fields | Field Name | Type | Description | | ------------------------------------------ | :-----------------------------------------------------------: | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| openapi | `string` | **REQUIRED**. This string MUST be the [version number](#versions) of the OpenAPI Specification that the OpenAPI document uses. The `openapi` field SHOULD be used by tooling to interpret the OpenAPI document. This is _not_ related to the API [`info.version`](#infoVersion) string. | -| info | [Info Object](#infoObject) | **REQUIRED**. Provides metadata about the API. The metadata MAY be used by tooling as required. | -| servers | [[Server Object](#serverObject)] | An array of Server Objects, which provide connectivity information to a target server. If the `servers` property is not provided, or is an empty array, the default value would be a [Server Object](#serverObject) with a [url](#serverUrl) value of `/`. | -| paths | [Paths Object](#pathsObject) | **REQUIRED**. The available paths and operations for the API. | -| components | [Components Object](#componentsObject) | An element to hold various schemas for the document. | -| security | [[Security Requirement Object](#securityRequirementObject)] | A declaration of which security mechanisms can be used across the API. The list of values includes alternative security requirement objects that can be used. Only one of the security requirement objects need to be satisfied to authorize a request. Individual operations can override this definition. To make security optional, an empty security requirement (`{}`) can be included in the array. | -| tags | [[Tag Object](#tagObject)] | A list of tags used by the document with additional metadata. The order of the tags can be used to reflect on their order by the parsing tools. Not all tags that are used by the [Operation Object](#operationObject) must be declared. The tags that are not declared MAY be organized randomly or based on the tools' logic. Each tag name in the list MUST be unique. | -| externalDocs | [External Documentation Object](#externalDocumentationObject) | Additional external documentation. | +| openapi | `string` | **REQUIRED**. This string MUST be the [version number](#versions) of the OpenAPI Specification that the OpenAPI document uses. The `openapi` field SHOULD be used by tooling to interpret the OpenAPI document. This is _not_ related to the API [`info.version`](#info-version) string. | +| info | [Info Object](#info-object) | **REQUIRED**. Provides metadata about the API. The metadata MAY be used by tooling as required. | +| servers | [[Server Object](#server-object)] | An array of Server Objects, which provide connectivity information to a target server. If the `servers` property is not provided, or is an empty array, the default value would be a [Server Object](#server-object) with a [url](#server-url) value of `/`. | +| paths | [Paths Object](#paths-object) | **REQUIRED**. The available paths and operations for the API. | +| components | [Components Object](#components-object) | An element to hold various schemas for the document. | +| security | [[Security Requirement Object](#security-requirement-object)] | A declaration of which security mechanisms can be used across the API. The list of values includes alternative security requirement objects that can be used. Only one of the security requirement objects need to be satisfied to authorize a request. Individual operations can override this definition. To make security optional, an empty security requirement (`{}`) can be included in the array. | +| tags | [[Tag Object](#tag-object)] | A list of tags used by the document with additional metadata. The order of the tags can be used to reflect on their order by the parsing tools. Not all tags that are used by the [Operation Object](#operation-object) must be declared. The tags that are not declared MAY be organized randomly or based on the tools' logic. Each tag name in the list MUST be unique. | +| externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation. | -This object MAY be extended with [Specification Extensions](#specificationExtensions). +This object MAY be extended with [Specification Extensions](#specification-extensions). -#### Info Object +#### Info Object The object provides metadata about the API. The metadata MAY be used by the clients if needed, and MAY be presented in editing or documentation generation tools for convenience. @@ -264,14 +264,14 @@ The metadata MAY be used by the clients if needed, and MAY be presented in editi | Field Name | Type | Description | | ----------------------------------------------- | :------------------------------: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| title | `string` | **REQUIRED**. The title of the API. | -| description | `string` | A description of the API. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| termsOfService | `string` | A URL for the Terms of Service for the API. This MUST be in the form of a URL. | -| contact | [Contact Object](#contactObject) | The contact information for the exposed API. | -| license | [License Object](#licenseObject) | The license information for the exposed API. | -| version | `string` | **REQUIRED**. The version of the OpenAPI document (which is distinct from the [OpenAPI Specification version](#oasVersion) or the version of the API being described). | +| title | `string` | **REQUIRED**. The title of the API. | +| description | `string` | A description of the API. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| termsOfService | `string` | A URL for the Terms of Service for the API. This MUST be in the form of a URL. | +| contact | [Contact Object](#contact-object) | The contact information for the exposed API. | +| license | [License Object](#license-object) | The license information for the exposed API. | +| version | `string` | **REQUIRED**. The version of the OpenAPI document (which is distinct from the [OpenAPI Specification version](#oas-version) or the version of the API being described). | -This object MAY be extended with [Specification Extensions](#specificationExtensions). +This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Info Object Example @@ -307,7 +307,7 @@ license: version: 1.0.1 ``` -#### Contact Object +#### Contact Object Contact information for the exposed API. @@ -315,11 +315,11 @@ Contact information for the exposed API. | Field Name | Type | Description | | -------------------------------- | :------: | --------------------------------------------------------------------------------------------------- | -| name | `string` | The identifying name of the contact person/organization. | -| url | `string` | The URL for the contact information. This MUST be in the form of a URL. | -| email | `string` | The email address of the contact person/organization. This MUST be in the form of an email address. | +| name | `string` | The identifying name of the contact person/organization. | +| url | `string` | The URL for the contact information. This MUST be in the form of a URL. | +| email | `string` | The email address of the contact person/organization. This MUST be in the form of an email address. | -This object MAY be extended with [Specification Extensions](#specificationExtensions). +This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Contact Object Example @@ -337,7 +337,7 @@ url: https://www.example.com/support email: support@example.com ``` -#### License Object +#### License Object License information for the exposed API. @@ -345,10 +345,10 @@ License information for the exposed API. | Field Name | Type | Description | | ------------------------------ | :------: | -------------------------------------------------------------------------- | -| name | `string` | **REQUIRED**. The license name used for the API. | -| url | `string` | A URL for the license used for the API. This MUST be in the form of a URL. | +| name | `string` | **REQUIRED**. The license name used for the API. | +| url | `string` | A URL for the license used for the API. This MUST be in the form of a URL. | -This object MAY be extended with [Specification Extensions](#specificationExtensions). +This object MAY be extended with [Specification Extensions](#specification-extensions). ##### License Object Example @@ -364,7 +364,7 @@ name: Apache 2.0 url: https://www.apache.org/licenses/LICENSE-2.0.html ``` -#### Server Object +#### Server Object An object representing a Server. @@ -372,11 +372,11 @@ An object representing a Server. | Field Name | Type | Description | | ------------------------------------------- | :------------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| url | `string` | **REQUIRED**. A URL to the target host. This URL supports Server Variables and MAY be relative, to indicate that the host location is relative to the location where the OpenAPI document is being served. Variable substitutions will be made when a variable is named in `{`brackets`}`. | -| description | `string` | An optional string describing the host designated by the URL. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| variables | Map[`string`, [Server Variable Object](#serverVariableObject)] | A map between a variable name and its value. The value is used for substitution in the server's URL template. | +| url | `string` | **REQUIRED**. A URL to the target host. This URL supports Server Variables and MAY be relative, to indicate that the host location is relative to the location where the OpenAPI document is being served. Variable substitutions will be made when a variable is named in `{`brackets`}`. | +| description | `string` | An optional string describing the host designated by the URL. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| variables | Map[`string`, [Server Variable Object](#server-variable-object)] | A map between a variable name and its value. The value is used for substitution in the server's URL template. | -This object MAY be extended with [Specification Extensions](#specificationExtensions). +This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Server Object Example @@ -394,7 +394,7 @@ url: https://development.gigantic-server.com/v1 description: Development server ``` -The following shows how multiple servers can be described, for example, at the OpenAPI Object's [`servers`](#oasServers): +The following shows how multiple servers can be described, for example, at the OpenAPI Object's [`servers`](#oas-servers): ```json { @@ -470,7 +470,7 @@ servers: default: v2 ``` -#### Server Variable Object +#### Server Variable Object An object representing a Server Variable for server URL template substitution. @@ -478,13 +478,13 @@ An object representing a Server Variable for server URL template substitution. | Field Name | Type | Description | | --------------------------------------------------- | :--------: | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| enum | [`string`] | An enumeration of string values to be used if the substitution options are from a limited set. The array SHOULD NOT be empty. | -| default | `string` | **REQUIRED**. The default value to use for substitution, which SHALL be sent if an alternate value is _not_ supplied. Note this behavior is different than the [Schema Object's](#schemaObject) treatment of default values, because in those cases parameter values are optional. If the [`enum`](#serverVariableEnum) is defined, the value SHOULD exist in the enum's values. | -| description | `string` | An optional description for the server variable. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| enum | [`string`] | An enumeration of string values to be used if the substitution options are from a limited set. The array SHOULD NOT be empty. | +| default | `string` | **REQUIRED**. The default value to use for substitution, which SHALL be sent if an alternate value is _not_ supplied. Note this behavior is different than the [Schema Object's](#schema-object) treatment of default values, because in those cases parameter values are optional. If the [`enum`](#server-variable-enum) is defined, the value SHOULD exist in the enum's values. | +| description | `string` | An optional description for the server variable. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -This object MAY be extended with [Specification Extensions](#specificationExtensions). +This object MAY be extended with [Specification Extensions](#specification-extensions). -#### Components Object +#### Components Object Holds a set of reusable objects for different aspects of the OAS. All objects defined within the components object will have no effect on the API unless they are explicitly referenced from properties outside the components object. @@ -493,17 +493,17 @@ All objects defined within the components object will have no effect on the API | Field Name | Type | Description | | -------------------------------------------------------- | :----------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------- | -| schemas | Map[`string`, [Schema Object](#schemaObject) \| [Reference Object](#referenceObject)] | An object to hold reusable [Schema Objects](#schemaObject). | -| responses | Map[`string`, [Response Object](#responseObject) \| [Reference Object](#referenceObject)] | An object to hold reusable [Response Objects](#responseObject). | -| parameters | Map[`string`, [Parameter Object](#parameterObject) \| [Reference Object](#referenceObject)] | An object to hold reusable [Parameter Objects](#parameterObject). | -| examples | Map[`string`, [Example Object](#exampleObject) \| [Reference Object](#referenceObject)] | An object to hold reusable [Example Objects](#exampleObject). | -| requestBodies | Map[`string`, [Request Body Object](#requestBodyObject) \| [Reference Object](#referenceObject)] | An object to hold reusable [Request Body Objects](#requestBodyObject). | -| headers | Map[`string`, [Header Object](#headerObject) \| [Reference Object](#referenceObject)] | An object to hold reusable [Header Objects](#headerObject). | -| securitySchemes | Map[`string`, [Security Scheme Object](#securitySchemeObject) \| [Reference Object](#referenceObject)] | An object to hold reusable [Security Scheme Objects](#securitySchemeObject). | -| links | Map[`string`, [Link Object](#linkObject) \| [Reference Object](#referenceObject)] | An object to hold reusable [Link Objects](#linkObject). | -| callbacks | Map[`string`, [Callback Object](#callbackObject) \| [Reference Object](#referenceObject)] | An object to hold reusable [Callback Objects](#callbackObject). | - -This object MAY be extended with [Specification Extensions](#specificationExtensions). +| schemas | Map[`string`, [Schema Object](#schema-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Schema Objects](#schema-object). | +| responses | Map[`string`, [Response Object](#response-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Response Objects](#response-object). | +| parameters | Map[`string`, [Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Parameter Objects](#parameter-object). | +| examples | Map[`string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Example Objects](#example-object). | +| requestBodies | Map[`string`, [Request Body Object](#request-body-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Request Body Objects](#request-body-object). | +| headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Header Objects](#header-object). | +| securitySchemes | Map[`string`, [Security Scheme Object](#security-scheme-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Security Scheme Objects](#security-scheme-object). | +| links | Map[`string`, [Link Object](#link-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Link Objects](#link-object). | +| callbacks | Map[`string`, [Callback Object](#callback-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Callback Objects](#callback-object). | + +This object MAY be extended with [Specification Extensions](#specification-extensions). All the fixed fields declared above are objects that MUST use keys that match the regular expression: `^[a-zA-Z0-9\.\-_]+$`. @@ -691,18 +691,18 @@ components: read:pets: read your pets ``` -#### Paths Object +#### Paths Object Holds the relative paths to the individual endpoints and their operations. -The path is appended to the URL from the [Server Object](#serverObject) in order to construct the full URL. The Paths Object MAY be empty, due to [Access Control List (ACL) constraints](#securityFiltering). +The path is appended to the URL from the [Server Object](#server-object) in order to construct the full URL. The Paths Object MAY be empty, due to [Access Control List (ACL) constraints](#security-filtering). ##### Patterned Fields | Field Pattern | Type | Description | | ------------------------------- | :---------------------------------: | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| /{path} | [Path Item Object](#pathItemObject) | A relative path to an individual endpoint. The field name MUST begin with a forward slash (`/`). The path is **appended** (no relative URL resolution) to the expanded URL from the [Server Object](#serverObject)'s `url` field in order to construct the full URL. [Path templating](#pathTemplating) is allowed. When matching URLs, concrete (non-templated) paths would be matched before their templated counterparts. Templated paths with the same hierarchy but different templated names MUST NOT exist as they are identical. In case of ambiguous matching, it's up to the tooling to decide which one to use. | +| /{path} | [Path Item Object](#path-item-object) | A relative path to an individual endpoint. The field name MUST begin with a forward slash (`/`). The path is **appended** (no relative URL resolution) to the expanded URL from the [Server Object](#server-object)'s `url` field in order to construct the full URL. [Path templating](#path-templating) is allowed. When matching URLs, concrete (non-templated) paths would be matched before their templated counterparts. Templated paths with the same hierarchy but different templated names MUST NOT exist as they are identical. In case of ambiguous matching, it's up to the tooling to decide which one to use. | -This object MAY be extended with [Specification Extensions](#specificationExtensions). +This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Path Templating Matching @@ -769,31 +769,31 @@ The following may lead to ambiguous resolution: $ref: '#/components/schemas/pet' ``` -#### Path Item Object +#### Path Item Object Describes the operations available on a single path. -A Path Item MAY be empty, due to [ACL constraints](#securityFiltering). +A Path Item MAY be empty, due to [ACL constraints](#security-filtering). The path itself is still exposed to the documentation viewer but they will not know which operations and parameters are available. ##### Fixed Fields | Field Name | Type | Description | | --------------------------------------------- | :----------------------------------------------------------------------------: | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| $ref | `string` | Allows for a referenced definition of this path item. The value MUST be in the form of a URL, and the referenced structure MUST be in the form of a [Path Item Object](#pathItemObject). In case a Path Item Object field appears both in the defined object and the referenced object, the behavior is undefined. See the rules for resolving [Relative References](#relativeReferences). | -| summary | `string` | An optional string summary, intended to apply to all operations in this path. | -| description | `string` | An optional string description, intended to apply to all operations in this path. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| get | [Operation Object](#operationObject) | A definition of a GET operation on this path. | -| put | [Operation Object](#operationObject) | A definition of a PUT operation on this path. | -| post | [Operation Object](#operationObject) | A definition of a POST operation on this path. | -| delete | [Operation Object](#operationObject) | A definition of a DELETE operation on this path. | -| options | [Operation Object](#operationObject) | A definition of a OPTIONS operation on this path. | -| head | [Operation Object](#operationObject) | A definition of a HEAD operation on this path. | -| patch | [Operation Object](#operationObject) | A definition of a PATCH operation on this path. | -| trace | [Operation Object](#operationObject) | A definition of a TRACE operation on this path. | -| servers | [[Server Object](#serverObject)] | An alternative `server` array to service all operations in this path. If an alternative server object is specified at the Root level, it will be overridden by this value. | -| parameters | [[Parameter Object](#parameterObject) \| [Reference Object](#referenceObject)] | A list of parameters that are applicable for all the operations described under this path. These parameters can be overridden at the operation level, but cannot be removed there. The list MUST NOT include duplicated parameters. A unique parameter is defined by a combination of a [name](#parameterName) and [location](#parameterIn). The list can use the [Reference Object](#referenceObject) to link to parameters that are defined at the [OpenAPI Object's components/parameters](#componentsParameters). | - -This object MAY be extended with [Specification Extensions](#specificationExtensions). +| $ref | `string` | Allows for a referenced definition of this path item. The value MUST be in the form of a URL, and the referenced structure MUST be in the form of a [Path Item Object](#path-item-object). In case a Path Item Object field appears both in the defined object and the referenced object, the behavior is undefined. See the rules for resolving [Relative References](#relative-references-in-urls). | +| summary | `string` | An optional string summary, intended to apply to all operations in this path. | +| description | `string` | An optional string description, intended to apply to all operations in this path. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| get | [Operation Object](#operation-object) | A definition of a GET operation on this path. | +| put | [Operation Object](#operation-object) | A definition of a PUT operation on this path. | +| post | [Operation Object](#operation-object) | A definition of a POST operation on this path. | +| delete | [Operation Object](#operation-object) | A definition of a DELETE operation on this path. | +| options | [Operation Object](#operation-object) | A definition of a OPTIONS operation on this path. | +| head | [Operation Object](#operation-object) | A definition of a HEAD operation on this path. | +| patch | [Operation Object](#operation-object) | A definition of a PATCH operation on this path. | +| trace | [Operation Object](#operation-object) | A definition of a TRACE operation on this path. | +| servers | [[Server Object](#server-object)] | An alternative `server` array to service all operations in this path. If an alternative server object is specified at the Root level, it will be overridden by this value. | +| parameters | [[Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | A list of parameters that are applicable for all the operations described under this path. These parameters can be overridden at the operation level, but cannot be removed there. The list MUST NOT include duplicated parameters. A unique parameter is defined by a combination of a [name](#parameter-name) and [location](#parameter-in). The list can use the [Reference Object](#reference-object) to link to parameters that are defined at the [OpenAPI Object's components/parameters](#components-parameters). | + +This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Path Item Object Example @@ -879,7 +879,7 @@ parameters: style: simple ``` -#### Operation Object +#### Operation Object Describes a single API operation on a path. @@ -887,20 +887,20 @@ Describes a single API operation on a path. | Field Name | Type | Description | | ------------------------------------------------ | :---------------------------------------------------------------------------------------: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| tags | [`string`] | A list of tags for API documentation control. Tags can be used for logical grouping of operations by resources or any other qualifier. | -| summary | `string` | A short summary of what the operation does. | -| description | `string` | A verbose explanation of the operation behavior. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| externalDocs | [External Documentation Object](#externalDocumentationObject) | Additional external documentation for this operation. | -| operationId | `string` | Unique string used to identify the operation. The id MUST be unique among all operations described in the API. The operationId value is **case-sensitive**. Tools and libraries MAY use the operationId to uniquely identify an operation, therefore, it is RECOMMENDED to follow common programming naming conventions. | -| parameters | [[Parameter Object](#parameterObject) \| [Reference Object](#referenceObject)] | A list of parameters that are applicable for this operation. If a parameter is already defined at the [Path Item](#pathItemParameters), the new definition will override it but can never remove it. The list MUST NOT include duplicated parameters. A unique parameter is defined by a combination of a [name](#parameterName) and [location](#parameterIn). The list can use the [Reference Object](#referenceObject) to link to parameters that are defined at the [OpenAPI Object's components/parameters](#componentsParameters). | -| requestBody | [Request Body Object](#requestBodyObject) \| [Reference Object](#referenceObject) | The request body applicable for this operation. The `requestBody` is only supported in HTTP methods where the HTTP 1.1 specification [RFC7231](https://tools.ietf.org/html/rfc7231#section-4.3.1) has explicitly defined semantics for request bodies. In other cases where the HTTP spec is vague (such as [GET](https://tools.ietf.org/html/rfc7231#section-4.3.1), [HEAD](https://tools.ietf.org/html/rfc7231#section-4.3.2) and [DELETE](https://tools.ietf.org/html/rfc7231#section-4.3.5)), `requestBody` SHALL be ignored by consumers. | -| responses | [Responses Object](#responsesObject) | **REQUIRED**. The list of possible responses as they are returned from executing this operation. | -| callbacks | Map[`string`, [Callback Object](#callbackObject) \| [Reference Object](#referenceObject)] | A map of possible out-of band callbacks related to the parent operation. The key is a unique identifier for the Callback Object. Each value in the map is a [Callback Object](#callbackObject) that describes a request that may be initiated by the API provider and the expected responses. | -| deprecated | `boolean` | Declares this operation to be deprecated. Consumers SHOULD refrain from usage of the declared operation. Default value is `false`. | -| security | [[Security Requirement Object](#securityRequirementObject)] | A declaration of which security mechanisms can be used for this operation. The list of values includes alternative security requirement objects that can be used. Only one of the security requirement objects need to be satisfied to authorize a request. To make security optional, an empty security requirement (`{}`) can be included in the array. This definition overrides any declared top-level [`security`](#oasSecurity). To remove a top-level security declaration, an empty array can be used. | -| servers | [[Server Object](#serverObject)] | An alternative `server` array to service this operation. If an alternative `server` object is specified at the Path Item Object or Root level, it will be overridden by this value. | - -This object MAY be extended with [Specification Extensions](#specificationExtensions). +| tags | [`string`] | A list of tags for API documentation control. Tags can be used for logical grouping of operations by resources or any other qualifier. | +| summary | `string` | A short summary of what the operation does. | +| description | `string` | A verbose explanation of the operation behavior. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this operation. | +| operationId | `string` | Unique string used to identify the operation. The id MUST be unique among all operations described in the API. The operationId value is **case-sensitive**. Tools and libraries MAY use the operationId to uniquely identify an operation, therefore, it is RECOMMENDED to follow common programming naming conventions. | +| parameters | [[Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | A list of parameters that are applicable for this operation. If a parameter is already defined at the [Path Item](#path-item-parameters), the new definition will override it but can never remove it. The list MUST NOT include duplicated parameters. A unique parameter is defined by a combination of a [name](#parameter-name) and [location](#parameter-in). The list can use the [Reference Object](#reference-object) to link to parameters that are defined at the [OpenAPI Object's components/parameters](#components-parameters). | +| requestBody | [Request Body Object](#request-body-object) \| [Reference Object](#reference-object) | The request body applicable for this operation. The `requestBody` is only supported in HTTP methods where the HTTP 1.1 specification [RFC7231](https://tools.ietf.org/html/rfc7231#section-4.3.1) has explicitly defined semantics for request bodies. In other cases where the HTTP spec is vague (such as [GET](https://tools.ietf.org/html/rfc7231#section-4.3.1), [HEAD](https://tools.ietf.org/html/rfc7231#section-4.3.2) and [DELETE](https://tools.ietf.org/html/rfc7231#section-4.3.5)), `requestBody` SHALL be ignored by consumers. | +| responses | [Responses Object](#responses-object) | **REQUIRED**. The list of possible responses as they are returned from executing this operation. | +| callbacks | Map[`string`, [Callback Object](#callback-object) \| [Reference Object](#reference-object)] | A map of possible out-of band callbacks related to the parent operation. The key is a unique identifier for the Callback Object. Each value in the map is a [Callback Object](#callback-object) that describes a request that may be initiated by the API provider and the expected responses. | +| deprecated | `boolean` | Declares this operation to be deprecated. Consumers SHOULD refrain from usage of the declared operation. Default value is `false`. | +| security | [[Security Requirement Object](#security-requirement-object)] | A declaration of which security mechanisms can be used for this operation. The list of values includes alternative security requirement objects that can be used. Only one of the security requirement objects need to be satisfied to authorize a request. To make security optional, an empty security requirement (`{}`) can be included in the array. This definition overrides any declared top-level [`security`](#oas-security). To remove a top-level security declaration, an empty array can be used. | +| servers | [[Server Object](#server-object)] | An alternative `server` array to service this operation. If an alternative `server` object is specified at the Path Item Object or Root level, it will be overridden by this value. | + +This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Operation Object Example @@ -1007,7 +1007,7 @@ security: - read:pets ``` -#### External Documentation Object +#### External Documentation Object Allows referencing an external resource for extended documentation. @@ -1015,10 +1015,10 @@ Allows referencing an external resource for extended documentation. | Field Name | Type | Description | | ------------------------------------------------ | :------: | -------------------------------------------------------------------------------------------------------------------------------------- | -| description | `string` | A description of the target documentation. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| url | `string` | **REQUIRED**. The URL for the target documentation. This MUST be in the form of a URL. | +| description | `string` | A description of the target documentation. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| url | `string` | **REQUIRED**. The URL for the target documentation. This MUST be in the form of a URL. | -This object MAY be extended with [Specification Extensions](#specificationExtensions). +This object MAY be extended with [Specification Extensions](#specification-extensions). ##### External Documentation Object Example @@ -1034,19 +1034,19 @@ description: Find more info here url: https://example.com ``` -#### Parameter Object +#### Parameter Object Describes a single operation parameter. -A unique parameter is defined by a combination of a [name](#parameterName) and [location](#parameterIn). +A unique parameter is defined by a combination of a [name](#parameter-name) and [location](#parameter-in). -See [Appendix E](#percentEncodingAndFormMediaTypes) for a detailed examination of percent-encoding concerns, including interactions with the `application/x-www-form-urlencoded` query string format. +See [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for a detailed examination of percent-encoding concerns, including interactions with the `application/x-www-form-urlencoded` query string format. ##### Parameter Locations There are four possible parameter locations specified by the `in` field: -* path - Used together with [Path Templating](#pathTemplating), where the parameter value is actually part of the operation's URL. This does not include the host or base path of the API. For example, in `/items/{itemId}`, the path parameter is `itemId`. +* path - Used together with [Path Templating](#path-templating), where the parameter value is actually part of the operation's URL. This does not include the host or base path of the API. For example, in `/items/{itemId}`, the path parameter is `itemId`. * query - Parameters that are appended to the URL. For example, in `/items?id=###`, the query parameter is `id`. * header - Custom headers that are expected as part of the request. Note that [RFC7230](https://tools.ietf.org/html/rfc7230#section-3.2) states header names are case insensitive. * cookie - Used to pass a specific cookie value to the API. @@ -1055,7 +1055,7 @@ There are four possible parameter locations specified by the `in` field: The rules for serialization of the parameter are specified in one of two ways. Parameter Objects MUST include either a `content` field or a `schema` field, but not both. -See [Appendix B](#dataTypeConversion) for a discussion of converting values of various types to string representations. +See [Appendix B](#appendix-b-data-type-conversion) for a discussion of converting values of various types to string representations. ###### Common Fixed Fields @@ -1063,50 +1063,50 @@ These fields MAY be used with either `content` or `schema`. | Field Name | Type | Description | | ------------------------------------------------------- | :-------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| name | `string` | **REQUIRED**. The name of the parameter. Parameter names are _case sensitive_.
  • If [`in`](#parameterIn) is `"path"`, the `name` field MUST correspond to a template expression occurring within the [path](#pathsPath) field in the [Paths Object](#pathsObject). See [Path Templating](#pathTemplating) for further information.
  • If [`in`](#parameterIn) is `"header"` and the `name` field is `"Accept"`, `"Content-Type"` or `"Authorization"`, the parameter definition SHALL be ignored.
  • For all other cases, the `name` corresponds to the parameter name used by the [`in`](#parameterIn) property.
| -| in | `string` | **REQUIRED**. The location of the parameter. Possible values are `"query"`, `"header"`, `"path"` or `"cookie"`. | -| description | `string` | A brief description of the parameter. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| required | `boolean` | Determines whether this parameter is mandatory. If the [parameter location](#parameterIn) is `"path"`, this property is **REQUIRED** and its value MUST be `true`. Otherwise, the property MAY be included and its default value is `false`. | -| deprecated | `boolean` | Specifies that a parameter is deprecated and SHOULD be transitioned out of usage. Default value is `false`. | -| allowEmptyValue | `boolean` | If `true`, clients MAY pass a zero-length string value in place of parameters that would otherwise be omitted entirely, which the server SHOULD interpret as the parameter being unused. Default value is `false`. If [`style`](#parameterStyle) is used, and if [behavior is _n/a_ (cannot be serialized)](#style-examples), the value of `allowEmptyValue` SHALL be ignored. Interactions between this field and the parameter's [Schema Object](#schemaObject) are implementation-defined. This field is valid only for `query` parameters. Use of this property is NOT RECOMMENDED, and it is likely to be removed in a later revision. | +| name | `string` | **REQUIRED**. The name of the parameter. Parameter names are _case sensitive_.
  • If [`in`](#parameter-in) is `"path"`, the `name` field MUST correspond to a template expression occurring within the [path](#paths-path) field in the [Paths Object](#paths-object). See [Path Templating](#path-templating) for further information.
  • If [`in`](#parameter-in) is `"header"` and the `name` field is `"Accept"`, `"Content-Type"` or `"Authorization"`, the parameter definition SHALL be ignored.
  • For all other cases, the `name` corresponds to the parameter name used by the [`in`](#parameter-in) property.
| +| in | `string` | **REQUIRED**. The location of the parameter. Possible values are `"query"`, `"header"`, `"path"` or `"cookie"`. | +| description | `string` | A brief description of the parameter. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| required | `boolean` | Determines whether this parameter is mandatory. If the [parameter location](#parameter-in) is `"path"`, this property is **REQUIRED** and its value MUST be `true`. Otherwise, the property MAY be included and its default value is `false`. | +| deprecated | `boolean` | Specifies that a parameter is deprecated and SHOULD be transitioned out of usage. Default value is `false`. | +| allowEmptyValue | `boolean` | If `true`, clients MAY pass a zero-length string value in place of parameters that would otherwise be omitted entirely, which the server SHOULD interpret as the parameter being unused. Default value is `false`. If [`style`](#parameter-style) is used, and if [behavior is _n/a_ (cannot be serialized)](#style-examples), the value of `allowEmptyValue` SHALL be ignored. Interactions between this field and the parameter's [Schema Object](#schema-object) are implementation-defined. This field is valid only for `query` parameters. Use of this property is NOT RECOMMENDED, and it is likely to be removed in a later revision. | -This object MAY be extended with [Specification Extensions](#specificationExtensions). +This object MAY be extended with [Specification Extensions](#specification-extensions). Note that while `"Cookie"` as a `name` is not forbidden with `in: header`, the effect of defining a cookie parameter that way is undefined; use `in: cookie` instead. ###### Fixed Fields for use with `schema` -For simpler scenarios, a [`schema`](#parameterSchema) and [`style`](#parameterStyle) can describe the structure and syntax of the parameter. +For simpler scenarios, a [`schema`](#parameter-schema) and [`style`](#parameter-style) can describe the structure and syntax of the parameter. When `example` or `examples` are provided in conjunction with the `schema` object, the example SHOULD match the specified schema and follow the prescribed serialization strategy for the parameter. The `example` and `examples` fields are mutually exclusive, and if either is present it SHALL _override_ any `example` in the schema. -Serializing with `schema` is NOT RECOMMENDED for `in: cookie` parameters, `in: header` parameters that use HTTP header parameters (name=value pairs following a `;`) in their values, or `in: header` parameters where values might have non-URL-safe characters; see [Appendix D](#serializingHeadersAndCookies) for details. +Serializing with `schema` is NOT RECOMMENDED for `in: cookie` parameters, `in: header` parameters that use HTTP header parameters (name=value pairs following a `;`) in their values, or `in: header` parameters where values might have non-URL-safe characters; see [Appendix D](#appendix-d-serializing-headers-and-cookies) for details. | Field Name | Type | Description | | -------------------------------------------------- | :--------------------------------------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| style | `string` | Describes how the parameter value will be serialized depending on the type of the parameter value. Default values (based on value of `in`): for `query` - `form`; for `path` - `simple`; for `header` - `simple`; for `cookie` - `form`. | -| explode | `boolean` | When this is true, parameter values of type `array` or `object` generate separate parameters for each value of the array or key-value pair of the map. For other types of parameters this property has no effect. When [`style`](#parameterStyle) is `form`, the default value is `true`. For all other styles, the default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. | -| allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#section-3.2.3), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#section-3.4) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#usingRFC6570Implementations) and [E](#percentEncodingAndFormMediaTypes) for details. This property only applies to parameters with an `in` value of `query`. The default value is `false`. | -| schema | [Schema Object](#schemaObject) \| [Reference Object](#referenceObject) | The schema defining the type used for the parameter. | -| example | Any | Example of the parameter's potential value; see [Working With Examples](#working-with-examples). | -| examples | Map[ `string`, [Example Object](#exampleObject) \| [Reference Object](#referenceObject)] | Examples of the parameter's potential value; see [Working With Examples](#working-with-examples). | +| style | `string` | Describes how the parameter value will be serialized depending on the type of the parameter value. Default values (based on value of `in`): for `query` - `form`; for `path` - `simple`; for `header` - `simple`; for `cookie` - `form`. | +| explode | `boolean` | When this is true, parameter values of type `array` or `object` generate separate parameters for each value of the array or key-value pair of the map. For other types of parameters this property has no effect. When [`style`](#parameter-style) is `form`, the default value is `true`. For all other styles, the default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. | +| allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#section-3.2.3), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#section-3.4) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#appendix-c-using-rfc6570-implementations) and [E](#appendix-e-percent-encoding-and-form-media-types) for details. This property only applies to parameters with an `in` value of `query`. The default value is `false`. | +| schema | [Schema Object](#schema-object) \| [Reference Object](#reference-object) | The schema defining the type used for the parameter. | +| example | Any | Example of the parameter's potential value; see [Working With Examples](#working-with-examples). | +| examples | Map[ `string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | Examples of the parameter's potential value; see [Working With Examples](#working-with-examples). | -See also [Appendix C: Using RFC6570 Implementations](#usingRFC6570Implementations) for additional guidance. +See also [Appendix C: Using RFC6570 Implementations](#appendix-c-using-rfc6570-implementations) for additional guidance. ###### Fixed Fields for use with `content` -For more complex scenarios, the [`content`](#parameterContent) property can define the media type and schema of the parameter, as well as give examples of its use. +For more complex scenarios, the [`content`](#parameter-content) property can define the media type and schema of the parameter, as well as give examples of its use. Using `content` with a `text/plain` media type is RECOMMENDED for `in: header` and `in: cookie` parameters where the `schema` strategy is not appropriate. | Field Name | Type | Description | | -------------------------------------- | :--------------------------------------------------: | -------------------------------------------------------------------------------------------------------------------------------------------------- | -| content | Map[`string`, [Media Type Object](#mediaTypeObject)] | A map containing the representations for the parameter. The key is the media type and the value describes it. The map MUST only contain one entry. | +| content | Map[`string`, [Media Type Object](#media-type-object)] | A map containing the representations for the parameter. The key is the media type and the value describes it. The map MUST only contain one entry. | -##### Style Values +##### Style Values In order to support common ways of serializing simple parameters, a set of `style` values are defined. -| `style` | [`type`](#dataTypes) | `in` | Comments | +| `style` | [`type`](#data-types) | `in` | Comments | | -------------- | ------------------------------ | ----------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | matrix | `primitive`, `array`, `object` | `path` | Path-style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.7) | | label | `primitive`, `array`, `object` | `path` | Label style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.5) | @@ -1116,7 +1116,7 @@ In order to support common ways of serializing simple parameters, a set of `styl | pipeDelimited | `array`, `object` | `query` | Pipe separated array values or object properties and values. This option replaces `collectionFormat` equal to `pipes` from OpenAPI 2.0. | | deepObject | `object` | `query` | Allows objects with scalar properties to be represented using form parameters. The representation of array or object properties is not defined. | -See [Appendix E](#percentEncodingAndFormMediaTypes) for a discussion of percent-encoding, including when delimiters need to be percent-encoded and options for handling collisions with percent-encoded data. +See [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for a discussion of percent-encoding, including when delimiters need to be percent-encoded and options for handling collisions with percent-encoded data. ##### Style Examples @@ -1133,11 +1133,11 @@ The following table shows examples, as would be shown with the `example` or `exa * The value _empty_ denotes the empty string, and is unrelated to the `allowEmptyValue` field * The behavior of combinations marked _n/a_ is undefined * The `undefined` replaces the `empty` column in previous versions of this specification in order to better align with [RFC6570](https://www.rfc-editor.org/rfc/rfc6570.html#section-2.3) terminology, which describes certain values including but not limited to `null` as "undefined" values with special handling; notably, the empty string is _not_ undefined -* For `form` and the non-RFC6570 query string styles `spaceDelimited`, `pipeDelimited`, and `deepObject`, each example is shown prefixed with `?` as if it were the only query parameter; see [Appendix C](#usingRFC6570Implementations) for more information on constructing query strings from multiple parameters, and [Appendix D](#serializingHeadersAndCookies) for warnings regarding `form` and cookie parameters -* Note that the `?` prefix is not appropriate for serializing `application/x-www-form-urlencoded` HTTP message bodies, and MUST be stripped or (if constructing the string manually) not added when used in that context; see the [Encoding Object](#encodingObject) for more information -* The examples are percent-encoded as required by RFC6570 and RFC3986; see [Appendix E](#percentEncodingAndFormMediaTypes) for a thorough discussion of percent-encoding concerns, including why unencoded `|` (`%7C`), `[` (`%5B`), and `]` (`%5D`) seem to work in some environments despite not being compliant. +* For `form` and the non-RFC6570 query string styles `spaceDelimited`, `pipeDelimited`, and `deepObject`, each example is shown prefixed with `?` as if it were the only query parameter; see [Appendix C](#appendix-c-using-rfc6570-implementations) for more information on constructing query strings from multiple parameters, and [Appendix D](#appendix-d-serializing-headers-and-cookies) for warnings regarding `form` and cookie parameters +* Note that the `?` prefix is not appropriate for serializing `application/x-www-form-urlencoded` HTTP message bodies, and MUST be stripped or (if constructing the string manually) not added when used in that context; see the [Encoding Object](#encoding-object) for more information +* The examples are percent-encoded as required by RFC6570 and RFC3986; see [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for a thorough discussion of percent-encoding concerns, including why unencoded `|` (`%7C`), `[` (`%5B`), and `]` (`%5D`) seem to work in some environments despite not being compliant. -| [`style`](#styleValues) | `explode` | `empty` | `string` | `array` | `object` | +| [`style`](#style-values) | `explode` | `empty` | `string` | `array` | `object` | | ----------------------- | --------- | ------------------------------------------------- | ----------------------------------------------------- | ----------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------- | | matrix | false | ;color | ;color=blue | ;color=blue,black,brown | ;color=R,100,G,200,B,150 | | matrix | true | ;color | ;color=blue | ;color=blue;color=black;color=brown | ;R=100;G=200;B=150 | @@ -1311,7 +1311,7 @@ content: type: number ``` -#### Request Body Object +#### Request Body Object Describes a single request body. @@ -1319,11 +1319,11 @@ Describes a single request body. | Field Name | Type | Description | | ------------------------------------------------ | :--------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| description | `string` | A brief description of the request body. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| content | Map[`string`, [Media Type Object](#mediaTypeObject)] | **REQUIRED**. The content of the request body. The key is a media type or [media type range](https://tools.ietf.org/html/rfc7231#appendix-D) and the value describes it. For requests that match multiple keys, only the most specific key is applicable. e.g. text/plain overrides text/\* | -| required | `boolean` | Determines if the request body is required in the request. Defaults to `false`. | +| description | `string` | A brief description of the request body. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| content | Map[`string`, [Media Type Object](#media-type-object)] | **REQUIRED**. The content of the request body. The key is a media type or [media type range](https://tools.ietf.org/html/rfc7231#appendix-D) and the value describes it. For requests that match multiple keys, only the most specific key is applicable. e.g. text/plain overrides text/\* | +| required | `boolean` | Determines if the request body is required in the request. Defaults to `false`. | -This object MAY be extended with [Specification Extensions](#specificationExtensions). +This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Request Body Examples @@ -1404,7 +1404,7 @@ content: externalValue: https://foo.bar/examples/user-example.whatever ``` -#### Media Type Object +#### Media Type Object Each Media Type Object provides schema and examples for the media type identified by its key. @@ -1416,12 +1416,12 @@ See [Working With Examples](#working-with-examples) for further guidance regardi | Field Name | Type | Description | | ---------------------------------------- | :--------------------------------------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| schema | [Schema Object](#schemaObject) \| [Reference Object](#referenceObject) | The schema defining the content of the request, response, parameter, or header. | -| example | Any | Example of the media type; see [Working With Examples](#working-with-examples). | -| examples | Map[ `string`, [Example Object](#exampleObject) \| [Reference Object](#referenceObject)] | Examples of the media type; see [Working With Examples](#working-with-examples). | -| encoding | Map[`string`, [Encoding Object](#encodingObject)] | A map between a property name and its encoding information. The key, being the property name, MUST exist in the schema as a property. The encoding attribute SHALL only apply to [Request Body Objects](#requestBodyObject), and only when the media type is `multipart` or `application/x-www-form-urlencoded`. If no Encoding Object is provided for a property, the behavior is determined by the default values documented for the Encoding Object. | +| schema | [Schema Object](#schema-object) \| [Reference Object](#reference-object) | The schema defining the content of the request, response, parameter, or header. | +| example | Any | Example of the media type; see [Working With Examples](#working-with-examples). | +| examples | Map[ `string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | Examples of the media type; see [Working With Examples](#working-with-examples). | +| encoding | Map[`string`, [Encoding Object](#encoding-object)] | A map between a property name and its encoding information. The key, being the property name, MUST exist in the schema as a property. The encoding attribute SHALL only apply to [Request Body Objects](#request-body-object), and only when the media type is `multipart` or `application/x-www-form-urlencoded`. If no Encoding Object is provided for a property, the behavior is determined by the default values documented for the Encoding Object. | -This object MAY be extended with [Specification Extensions](#specificationExtensions). +This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Media Type Examples @@ -1537,15 +1537,15 @@ See [Encoding the `x-www-form-urlencoded` Media Type](#encoding-the-x-www-form-u See [Encoding `multipart` Media Types](#encoding-multipart-media-types) for further guidance and examples, both with and without the `encoding` attribute. -#### Encoding Object +#### Encoding Object A single encoding definition applied to a single schema property. -See [Appendix B](#dataTypeConversion) for a discussion of converting values of various types to string representations. +See [Appendix B](#appendix-b-data-type-conversion) for a discussion of converting values of various types to string representations. Properties are correlated with `multipart` parts using the `name` parameter to `Content-Disposition: form-data`, and with `application/x-www-form-urlencoded` using the query string parameter names. In both cases, their order is implementation-defined. -See [Appendix E](#percentEncodingAndFormMediaTypes) for a detailed examination of percent-encoding concerns for form media types. +See [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for a detailed examination of percent-encoding concerns for form media types. ##### Fixed Fields @@ -1555,10 +1555,10 @@ These fields MAY be used either with or without the RFC6570-style serialization | Field Name | Type | Description | | --------------------------------------------- | :-----------------------------------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| contentType | `string` | The `Content-Type` for encoding a specific property. The value is a comma-separated list, each element of which is either a specific media type (e.g. `image/png`) or a wildcard media type (e.g. `image/*`). Default value depends on the property type as shown in the table below. | -| headers | Map[`string`, [Header Object](#headerObject) \| [Reference Object](#referenceObject)] | A map allowing additional information to be provided as headers. `Content-Type` is described separately and SHALL be ignored in this section. This property SHALL be ignored if the request body media type is not a `multipart`. | +| contentType | `string` | The `Content-Type` for encoding a specific property. The value is a comma-separated list, each element of which is either a specific media type (e.g. `image/png`) or a wildcard media type (e.g. `image/*`). Default value depends on the property type as shown in the table below. | +| headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | A map allowing additional information to be provided as headers. `Content-Type` is described separately and SHALL be ignored in this section. This property SHALL be ignored if the request body media type is not a `multipart`. | -This object MAY be extended with [Specification Extensions](#specificationExtensions). +This object MAY be extended with [Specification Extensions](#specification-extensions). The default values for `contentType` are as follows, where an _n/a_ in the `format` column means that the presence or value of `format` is irrelevant: @@ -1572,17 +1572,17 @@ The default values for `contentType` are as follows, where an _n/a_ in the `form Determining how to handle `null` values if `nullable: true` is present depends on how `null` values are being serialized. If `null` values are entirely omitted, then the `contentType` is irrelevant. -See [Appendix B](#dataTypeConversion) for a discussion of data type conversion options. +See [Appendix B](#appendix-b-data-type-conversion) for a discussion of data type conversion options. ###### Fixed Fields for RFC6570-style Serialization | Field Name | Type | Description | | ------------------------------------------------- | :-------: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| style | `string` | Describes how a specific property value will be serialized depending on its type. See [Parameter Object](#parameterObject) for details on the [`style`](#parameterStyle) property. The behavior follows the same values as `query` parameters, including default values. Note that the initial `?` used in query strings is not used in `application/x-www-form-urlencoded` message bodies, and MUST be removed (if using an RFC6570 implementation) or simply not added (if constructing the string manually). This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. | -| explode | `boolean` | When this is true, property values of type `array` or `object` generate separate parameters for each value of the array, or key-value-pair of the map. For other types of properties this property has no effect. When [`style`](#encodingStyle) is `form`, the default value is `true`. For all other styles, the default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. | -| allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#section-3.2.3), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#section-3.4) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#usingRFC6570Implementations) and [E](#percentEncodingAndFormMediaTypes) for details. The default value is `false`. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. | +| style | `string` | Describes how a specific property value will be serialized depending on its type. See [Parameter Object](#parameter-object) for details on the [`style`](#parameter-style) property. The behavior follows the same values as `query` parameters, including default values. Note that the initial `?` used in query strings is not used in `application/x-www-form-urlencoded` message bodies, and MUST be removed (if using an RFC6570 implementation) or simply not added (if constructing the string manually). This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. | +| explode | `boolean` | When this is true, property values of type `array` or `object` generate separate parameters for each value of the array, or key-value-pair of the map. For other types of properties this property has no effect. When [`style`](#encoding-style) is `form`, the default value is `true`. For all other styles, the default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. | +| allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#section-3.2.3), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#section-3.4) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#appendix-c-using-rfc6570-implementations) and [E](#appendix-e-percent-encoding-and-form-media-types) for details. The default value is `false`. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. | -See also [Appendix C: Using RFC6570 Implementations](#usingRFC6570Implementations) for additional guidance. +See also [Appendix C: Using RFC6570 Implementations](#appendix-c-using-rfc6570-implementations) for additional guidance. The role of `contentType` with `application/x-www-form-urlencoded` request bodies was not described in detail in version 3.0.3 and earlier of this specification. To match the intent of these fields and be compatible with version 3.1 of this specification, it is RECOMMENDED that whenever any of `style`, `explode`, or `allowReserved` are present with an explicit value: @@ -1600,14 +1600,14 @@ The absence of all three of those fields is the equivalent of using `content`, b ##### Encoding the `x-www-form-urlencoded` Media Type -To submit content using form url encoding via [RFC1866](https://tools.ietf.org/html/rfc1866), use the `application/x-www-form-urlencoded` media type in the [Media Type Object](#mediaTypeObject) under the [Request Body Object](#requestBodyObject). +To submit content using form url encoding via [RFC1866](https://tools.ietf.org/html/rfc1866), use the `application/x-www-form-urlencoded` media type in the [Media Type Object](#media-type-object) under the [Request Body Object](#request-body-object). This configuration means that the request body MUST be encoded per [RFC1866](https://tools.ietf.org/html/rfc1866) when passed to the server, after any complex objects have been serialized to a string representation. -See [Appendix E](#percentEncodingAndFormMediaTypes) for a detailed examination of percent-encoding concerns for form media types. +See [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for a detailed examination of percent-encoding concerns for form media types. ###### Example: URL Encoded Form with JSON Values -When there is no [`encoding` field](#mediaTypeEncoding), the serialization strategy is based on the Encoding Object's default values: +When there is no [`encoding` field](#media-type-encoding), the serialization strategy is based on the Encoding Object's default values: ```yaml requestBody: @@ -1642,7 +1642,7 @@ Assuming the most compact representation of the JSON value (with unnecessary whi id=f81d4fae-7dec-11d0-a765-00a0c91e6bf6&address=%7B%22streetAddress%22:%22123+Example+Dr.%22,%22city%22:%22Somewhere%22,%22state%22:%22CA%22,%22zip%22:%2299999%2B1234%22%7D ``` -Note that the `id` keyword is treated as `text/plain` per the [Encoding Object](#encodingObject)'s default behavior, and is serialized as-is. +Note that the `id` keyword is treated as `text/plain` per the [Encoding Object](#encoding-object)'s default behavior, and is serialized as-is. If it were treated as `application/json`, then the serialized value would be a JSON string including quotation marks, which would be percent-encoded as `%22`. Here is the `id` parameter (without `address`) serialized as `application/json` instead of `text/plain`, and then encoded per RFC1866: @@ -1700,12 +1700,12 @@ Note that there are significant restrictions on what headers can be used with `m Note also that `Content-Transfer-Encoding` is deprecated for `multipart/form-data` ([RFC7578](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.7)) where binary data is supported, as it is in HTTP. -Using `format: byte` for a multipart field is equivalent to specifying an [Encoding Object](#encodingObject) with a `headers` field containing `Content-Transfer-Encoding` with a schema that requires the value `base64`. +Using `format: byte` for a multipart field is equivalent to specifying an [Encoding Object](#encoding-object) with a `headers` field containing `Content-Transfer-Encoding` with a schema that requires the value `base64`. If `format: byte` is used for a multipart field that has an Encoding Object with a `headers` field containing `Content-Transfer-Encoding` with a schema that disallows `base64`, the result is undefined for serialization and parsing. Per the JSON Schema specification, `contentMediaType` without `contentEncoding` present is treated as if `contentEncoding: identity` were present. While useful for embedding text documents such as `text/html` into JSON strings, it is not useful for a `multipart/form-data` part, as it just causes the document to be treated as `text/plain` instead of its actual media type. Use the Encoding Object without `contentMediaType` if no `contentEncoding` is required. -See [Appendix E](#percentEncodingAndFormMediaTypes) for a detailed examination of percent-encoding concerns for form media types. +See [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for a detailed examination of percent-encoding concerns for form media types. ###### Example: Basic Multipart Form @@ -1797,7 +1797,7 @@ requestBody: format: binary ``` -#### Responses Object +#### Responses Object A container for the expected responses of an operation. The container maps a HTTP response code to the expected response. @@ -1816,15 +1816,15 @@ call. | Field Name | Type | Description | | -------------------------------------- | :------------------------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| default | [Response Object](#responseObject) \| [Reference Object](#referenceObject) | The documentation of responses other than the ones declared for specific HTTP response codes. Use this field to cover undeclared responses. A [Reference Object](#referenceObject) can link to a response that the [OpenAPI Object's components/responses](#componentsResponses) section defines. | +| default | [Response Object](#response-object) \| [Reference Object](#reference-object) | The documentation of responses other than the ones declared for specific HTTP response codes. Use this field to cover undeclared responses. A [Reference Object](#reference-object) can link to a response that the [OpenAPI Object's components/responses](#components-responses) section defines. | ##### Patterned Fields | Field Pattern | Type | Description | | ---------------------------------------------------------- | :------------------------------------------------------------------------: | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| [HTTP Status Code](#httpCodes) | [Response Object](#responseObject) \| [Reference Object](#referenceObject) | Any [HTTP status code](#httpCodes) can be used as the property name, but only one property per code, to describe the expected response for that HTTP status code. A [Reference Object](#referenceObject) can link to a response that is defined in the [OpenAPI Object's components/responses](#componentsResponses) section. This field MUST be enclosed in quotation marks (for example, "200") for compatibility between JSON and YAML. To define a range of response codes, this field MAY contain the uppercase wildcard character `X`. For example, `2XX` represents all response codes between `[200-299]`. Only the following range definitions are allowed: `1XX`, `2XX`, `3XX`, `4XX`, and `5XX`. If a response is defined using an explicit code, the explicit code definition takes precedence over the range definition for that code. | +| [HTTP Status Code](#http-status-codes) | [Response Object](#response-object) \| [Reference Object](#reference-object) | Any [HTTP status code](#http-status-codes) can be used as the property name, but only one property per code, to describe the expected response for that HTTP status code. A [Reference Object](#reference-object) can link to a response that is defined in the [OpenAPI Object's components/responses](#components-responses) section. This field MUST be enclosed in quotation marks (for example, "200") for compatibility between JSON and YAML. To define a range of response codes, this field MAY contain the uppercase wildcard character `X`. For example, `2XX` represents all response codes between `[200-299]`. Only the following range definitions are allowed: `1XX`, `2XX`, `3XX`, `4XX`, and `5XX`. If a response is defined using an explicit code, the explicit code definition takes precedence over the range definition for that code. | -This object MAY be extended with [Specification Extensions](#specificationExtensions). +This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Responses Object Example @@ -1870,7 +1870,7 @@ default: $ref: '#/components/schemas/ErrorModel' ``` -#### Response Object +#### Response Object Describes a single response from an API Operation, including design-time, static `links` to operations based on the response. @@ -1879,12 +1879,12 @@ Describes a single response from an API Operation, including design-time, static | Field Name | Type | Description | | --------------------------------------------- | :-----------------------------------------------------------------------------------: | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| description | `string` | **REQUIRED**. A description of the response. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| headers | Map[`string`, [Header Object](#headerObject) \| [Reference Object](#referenceObject)] | Maps a header name to its definition. [RFC7230](https://tools.ietf.org/html/rfc7230#section-3.2) states header names are case insensitive. If a response header is defined with the name `"Content-Type"`, it SHALL be ignored. | -| content | Map[`string`, [Media Type Object](#mediaTypeObject)] | A map containing descriptions of potential response payloads. The key is a media type or [media type range](https://tools.ietf.org/html/rfc7231#appendix-D) and the value describes it. For responses that match multiple keys, only the most specific key is applicable. e.g. text/plain overrides text/\* | -| links | Map[`string`, [Link Object](#linkObject) \| [Reference Object](#referenceObject)] | A map of operations links that can be followed from the response. The key of the map is a short name for the link, following the naming constraints of the names for [Component Objects](#componentsObject). | +| description | `string` | **REQUIRED**. A description of the response. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | Maps a header name to its definition. [RFC7230](https://tools.ietf.org/html/rfc7230#section-3.2) states header names are case insensitive. If a response header is defined with the name `"Content-Type"`, it SHALL be ignored. | +| content | Map[`string`, [Media Type Object](#media-type-object)] | A map containing descriptions of potential response payloads. The key is a media type or [media type range](https://tools.ietf.org/html/rfc7231#appendix-D) and the value describes it. For responses that match multiple keys, only the most specific key is applicable. e.g. text/plain overrides text/\* | +| links | Map[`string`, [Link Object](#link-object) \| [Reference Object](#reference-object)] | A map of operations links that can be followed from the response. The key of the map is a short name for the link, following the naming constraints of the names for [Component Objects](#components-object). | -This object MAY be extended with [Specification Extensions](#specificationExtensions). +This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Response Object Examples @@ -2009,25 +2009,25 @@ Response with no return value: description: object created ``` -#### Callback Object +#### Callback Object A map of possible out-of band callbacks related to the parent operation. -Each value in the map is a [Path Item Object](#pathItemObject) that describes a set of requests that may be initiated by the API provider and the expected responses. +Each value in the map is a [Path Item Object](#path-item-object) that describes a set of requests that may be initiated by the API provider and the expected responses. The key value used to identify the path item object is an expression, evaluated at runtime, that identifies a URL to use for the callback operation. ##### Patterned Fields | Field Pattern | Type | Description | | --------------------------------------------- | :---------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------- | -| {expression} | [Path Item Object](#pathItemObject) | A Path Item Object used to define a callback request and expected responses. A [complete example](../examples/v3.0/callback-example.yaml) is available. | +| {expression} | [Path Item Object](#path-item-object) | A Path Item Object used to define a callback request and expected responses. A [complete example](../examples/v3.0/callback-example.yaml) is available. | -This object MAY be extended with [Specification Extensions](#specificationExtensions). +This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Key Expression -The key that identifies the [Path Item Object](#pathItemObject) is a [runtime expression](#runtimeExpression) that can be evaluated in the context of a runtime HTTP request/response to identify the URL to be used for the callback request. +The key that identifies the [Path Item Object](#path-item-object) is a [runtime expression](#runtime-expressions) that can be evaluated in the context of a runtime HTTP request/response to identify the URL to be used for the callback request. A simple example might be `$request.body#/url`. -However, using a [runtime expression](#runtimeExpression) the complete HTTP message can be accessed. +However, using a [runtime expression](#runtime-expressions) the complete HTTP message can be accessed. This includes accessing any part of a body that a JSON Pointer [RFC6901](https://tools.ietf.org/html/rfc6901) can reference. For example, given the following HTTP request: @@ -2100,10 +2100,10 @@ transactionCallback: description: callback successfully processed ``` -#### Example Object +#### Example Object An object grouping an internal or external example value with basic `summary` and `description` metadata. -This object is typically used in properties named `examples` (plural), and is a [referenceable](#referenceObject) alternative to older `example` (singular) fields that do not support referencing or metadata. +This object is typically used in properties named `examples` (plural), and is a [referenceable](#reference-object) alternative to older `example` (singular) fields that do not support referencing or metadata. Examples allow demonstration of the usage of properties, parameters and objects within OpenAPI. @@ -2111,27 +2111,27 @@ Examples allow demonstration of the usage of properties, parameters and objects | Field Name | Type | Description | | ------------------------------------------------ | :------: | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| summary | `string` | Short description for the example. | -| description | `string` | Long description for the example. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| value | Any | Embedded literal example. The `value` field and `externalValue` field are mutually exclusive. To represent examples of media types that cannot naturally represented in JSON or YAML, use a string value to contain the example, escaping where necessary. | -| externalValue | `string` | A URL that points to the literal example. This provides the capability to reference examples that cannot easily be included in JSON or YAML documents. The `value` field and `externalValue` field are mutually exclusive. See the rules for resolving [Relative References](#relativeReferences). | +| summary | `string` | Short description for the example. | +| description | `string` | Long description for the example. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| value | Any | Embedded literal example. The `value` field and `externalValue` field are mutually exclusive. To represent examples of media types that cannot naturally represented in JSON or YAML, use a string value to contain the example, escaping where necessary. | +| externalValue | `string` | A URL that points to the literal example. This provides the capability to reference examples that cannot easily be included in JSON or YAML documents. The `value` field and `externalValue` field are mutually exclusive. See the rules for resolving [Relative References](#relative-references-in-urls). | -This object MAY be extended with [Specification Extensions](#specificationExtensions). +This object MAY be extended with [Specification Extensions](#specification-extensions). In all cases, the example value SHOULD be compatible with the schema of its associated value. Tooling implementations MAY choose to validate compatibility automatically, and reject the example value(s) if incompatible. #### Working With Examples -Example Objects can be used in both [Parameter Objects](#parameterObject) and [Media Type Objects](#mediaTypeObject). +Example Objects can be used in both [Parameter Objects](#parameter-object) and [Media Type Objects](#media-type-object). In both Objects, this is done through the `examples` (plural) field. -However, there are two other ways to provide examples: The `example` (singular) field that is mutually exclusive with `examples` in both Objects, and the `example` (singular) field in the [Schema Object](#schemaObject) that appears in the `schema` field of both Objects. +However, there are two other ways to provide examples: The `example` (singular) field that is mutually exclusive with `examples` in both Objects, and the `example` (singular) field in the [Schema Object](#schema-object) that appears in the `schema` field of both Objects. Each of these fields has slightly different considerations. The Schema Object's `example` field is used to show example values without regard to how they might be formatted as parameters or within media type representations. The mutually exclusive fields in the Parameter or Media Type Objects are used to show example values which SHOULD both match the schema and be formatted as they would appear as a serialized parameter or within a media type representation. -The exact serialization and encoding is determined by various fields in the Parameter Object, or in the Media Type Object's [Encoding Object](#encodingObject). +The exact serialization and encoding is determined by various fields in the Parameter Object, or in the Media Type Object's [Encoding Object](#encoding-object). Because examples using these fields represent the final serialized form of the data, they SHALL _override_ any `example` in the corresponding Schema Object. The singular `example` field in the Parameter or Media Type object is concise and convenient for simple examples, but does not offer any other advantages over using Example Objects under `examples`. @@ -2272,27 +2272,27 @@ application/x-www-form-urlencoded: In this example, the JSON string had to be serialized before encoding it into the URL form value, so the example includes the quotation marks that are part of the JSON serialization, which are then URL percent-encoded. -#### Link Object +#### Link Object The Link Object represents a possible design-time link for a response. The presence of a link does not guarantee the caller's ability to successfully invoke it, rather it provides a known relationship and traversal mechanism between responses and other operations. Unlike _dynamic_ links (i.e. links provided **in** the response payload), the OAS linking mechanism does not require link information in the runtime response. -For computing links, and providing instructions to execute them, a [runtime expression](#runtimeExpression) is used for accessing values in an operation and using them as parameters while invoking the linked operation. +For computing links, and providing instructions to execute them, a [runtime expression](#runtime-expressions) is used for accessing values in an operation and using them as parameters while invoking the linked operation. ##### Fixed Fields | Field Name | Type | Description | | ------------------------------------------- | :------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| operationRef | `string` | A relative or absolute URI reference to an OAS operation. This field is mutually exclusive of the `operationId` field, and MUST point to an [Operation Object](#operationObject). Relative `operationRef` values MAY be used to locate an existing [Operation Object](#operationObject) in the OpenAPI description. | -| operationId | `string` | The name of an _existing_, resolvable OAS operation, as defined with a unique `operationId`. This field is mutually exclusive of the `operationRef` field. | -| parameters | Map[`string`, Any \| [{expression}](#runtimeExpression)] | A map representing parameters to pass to an operation as specified with `operationId` or identified via `operationRef`. The key is the parameter name to be used (optionally qualified with the parameter location, e.g. `path.id` for an `id` parameter in the path), whereas the value can be a constant or an expression to be evaluated and passed to the linked operation. | -| requestBody | Any \| [{expression}](#runtimeExpression) | A literal value or [{expression}](#runtimeExpression) to use as a request body when calling the target operation. | -| description | `string` | A description of the link. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| server | [Server Object](#serverObject) | A server object to be used by the target operation. | +| operationRef | `string` | A relative or absolute URI reference to an OAS operation. This field is mutually exclusive of the `operationId` field, and MUST point to an [Operation Object](#operation-object). Relative `operationRef` values MAY be used to locate an existing [Operation Object](#operation-object) in the OpenAPI description. | +| operationId | `string` | The name of an _existing_, resolvable OAS operation, as defined with a unique `operationId`. This field is mutually exclusive of the `operationRef` field. | +| parameters | Map[`string`, Any \| [{expression}](#runtime-expressions)] | A map representing parameters to pass to an operation as specified with `operationId` or identified via `operationRef`. The key is the parameter name to be used (optionally qualified with the parameter location, e.g. `path.id` for an `id` parameter in the path), whereas the value can be a constant or an expression to be evaluated and passed to the linked operation. | +| requestBody | Any \| [{expression}](#runtime-expressions) | A literal value or [{expression}](#runtime-expressions) to use as a request body when calling the target operation. | +| description | `string` | A description of the link. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| server | [Server Object](#server-object) | A server object to be used by the target operation. | -This object MAY be extended with [Specification Extensions](#specificationExtensions). +This object MAY be extended with [Specification Extensions](#specification-extensions). A linked operation MUST be identified using either an `operationRef` or `operationId`. In the case of an `operationId`, it MUST be unique and resolved in the scope of the OpenAPI description. @@ -2372,7 +2372,7 @@ solely by the existence of a relationship. ##### OperationRef Examples As references to `operationId` MAY NOT be possible (the `operationId` is an optional -field in an [Operation Object](#operationObject)), references MAY also be made through a relative `operationRef`: +field in an [Operation Object](#operation-object)), references MAY also be made through a relative `operationRef`: ```yaml links: @@ -2397,10 +2397,10 @@ links: Note that in the use of `operationRef`, the _escaped forward-slash_ is necessary when using JSON Pointer, and it is necessary to URL-encode `{` and `}` as `%7B` and `%7D`, respectively when using JSON Pointer as URI fragments. -##### Runtime Expressions +##### Runtime Expressions Runtime expressions allow defining values based on information that will only be available within the HTTP message in an actual API call. -This mechanism is used by [Link Objects](#linkObject) and [Callback Objects](#callbackObject). +This mechanism is used by [Link Objects](#link-object) and [Callback Objects](#callback-object). The runtime expression is defined by the following [ABNF](https://tools.ietf.org/html/rfc5234) syntax @@ -2429,7 +2429,7 @@ The `name` identifier is case-sensitive, whereas `token` is not. The table below provides examples of runtime expressions and examples of their use in a value: -##### Examples +##### Examples | Source Location | example expression | notes | | --------------------- | :------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------- | @@ -2444,15 +2444,15 @@ The table below provides examples of runtime expressions and examples of their u Runtime expressions preserve the type of the referenced value. Expressions can be embedded into string values by surrounding the expression with `{}` curly braces. -#### Header Object +#### Header Object -Describes a single header for [HTTP responses](#responseHeaders) and for [individual parts in `multipart` representations](#encodingHeaders); see the relevant [Response Object](#responseObject) and [Encoding Object](#encodingObject) documentation for restrictions on which headers can be described. +Describes a single header for [HTTP responses](#response-headers) and for [individual parts in `multipart` representations](#encoding-headers); see the relevant [Response Object](#response-object) and [Encoding Object](#encoding-object) documentation for restrictions on which headers can be described. -The Header Object follows the structure of the [Parameter Object](#parameterObject), including determining its serialization strategy based on whether `schema` or `content` is present, with the following changes: +The Header Object follows the structure of the [Parameter Object](#parameter-object), including determining its serialization strategy based on whether `schema` or `content` is present, with the following changes: 1. `name` MUST NOT be specified, it is given in the corresponding `headers` map. 1. `in` MUST NOT be specified, it is implicitly in `header`. -1. All traits that are affected by the location MUST be applicable to a location of `header` (for example, [`style`](#parameterStyle)). This means that `allowEmptyValue` and `allowReserved` MUST NOT be used, and `style`, if used, MUST be limited to `simple`. +1. All traits that are affected by the location MUST be applicable to a location of `header` (for example, [`style`](#parameter-style)). This means that `allowEmptyValue` and `allowReserved` MUST NOT be used, and `style`, if used, MUST be limited to `simple`. ##### Fixed Fields @@ -2462,40 +2462,40 @@ These fields MAY be used with either `content` or `schema`. | Field Name | Type | Description | | ------------------------------------------- | :-------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| description | `string` | A brief description of the header. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| required | `boolean` | Determines whether this header is mandatory. The default value is `false`. | -| deprecated | `boolean` | Specifies that the header is deprecated and SHOULD be transitioned out of usage. Default value is `false`. | +| description | `string` | A brief description of the header. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| required | `boolean` | Determines whether this header is mandatory. The default value is `false`. | +| deprecated | `boolean` | Specifies that the header is deprecated and SHOULD be transitioned out of usage. Default value is `false`. | -This object MAY be extended with [Specification Extensions](#specificationExtensions). +This object MAY be extended with [Specification Extensions](#specification-extensions). ###### Fixed Fields for use with `schema` -For simpler scenarios, a [`schema`](#headerSchema) and [`style`](#headerStyle) can describe the structure and syntax of the header. +For simpler scenarios, a [`schema`](#header-schema) and [`style`](#header-style) can describe the structure and syntax of the header. When `example` or `examples` are provided in conjunction with the `schema` object, the example MUST follow the prescribed serialization strategy for the header. -Serializing with `schema` is NOT RECOMMENDED for headers with parameters (name=value pairs following a `;`) in their values, or where values might have non-URL-safe characters; see [Appendix D](#serializingHeadersAndCookies) for details. +Serializing with `schema` is NOT RECOMMENDED for headers with parameters (name=value pairs following a `;`) in their values, or where values might have non-URL-safe characters; see [Appendix D](#appendix-d-serializing-headers-and-cookies) for details. When `example` or `examples` are provided in conjunction with the `schema` object, the example SHOULD match the specified schema and follow the prescribed serialization strategy for the header. The `example` and `examples` fields are mutually exclusive, and if either is present it SHALL _override_ any `example` in the schema. | Field Name | Type | Description | | ------------------------------------- | :--------------------------------------------------------------------------------------: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| style | `string` | Describes how the header value will be serialized. The default (and only legal value for headers) is `simple`. | -| explode | `boolean` | When this is true, header values of type `array` or `object` generate a single header whose value is a comma-separated list of the array items or key-value pairs of the map, see [Style Examples](#style-examples). For other data types this property has no effect. The default value is `false`. | -| schema | [Schema Object](#schemaObject) \| [Reference Object](#referenceObject) | The schema defining the type used for the header. | -| example | Any | Example of the header's potential value; see [Working With Examples](#working-with-examples). | -| examples | Map[ `string`, [Example Object](#exampleObject) \| [Reference Object](#referenceObject)] | Examples of the header's potential value; see [Working With Examples](#working-with-examples). | +| style | `string` | Describes how the header value will be serialized. The default (and only legal value for headers) is `simple`. | +| explode | `boolean` | When this is true, header values of type `array` or `object` generate a single header whose value is a comma-separated list of the array items or key-value pairs of the map, see [Style Examples](#style-examples). For other data types this property has no effect. The default value is `false`. | +| schema | [Schema Object](#schema-object) \| [Reference Object](#reference-object) | The schema defining the type used for the header. | +| example | Any | Example of the header's potential value; see [Working With Examples](#working-with-examples). | +| examples | Map[ `string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | Examples of the header's potential value; see [Working With Examples](#working-with-examples). | -See also [Appendix C: Using RFC6570 Implementations](#usingRFC6570Implementations) for additional guidance. +See also [Appendix C: Using RFC6570 Implementations](#appendix-c-using-rfc6570-implementations) for additional guidance. ###### Fixed Fields for use with `content` -For more complex scenarios, the [`content`](#headerContent) property can define the media type and schema of the header, as well as give examples of its use. +For more complex scenarios, the [`content`](#header-content) property can define the media type and schema of the header, as well as give examples of its use. Using `content` with a `text/plain` media type is RECOMMENDED for headers where the `schema` strategy is not appropriate. | Field Name | Type | Description | | ----------------------------------- | :--------------------------------------------------: | ----------------------------------------------------------------------------------------------------------------------------------------------- | -| content | Map[`string`, [Media Type Object](#mediaTypeObject)] | A map containing the representations for the header. The key is the media type and the value describes it. The map MUST only contain one entry. | +| content | Map[`string`, [Media Type Object](#media-type-object)] | A map containing the representations for the header. The key is the media type and the value describes it. The map MUST only contain one entry. | ##### Header Object Example @@ -2543,20 +2543,20 @@ ETag: pattern: ^" ``` -#### Tag Object +#### Tag Object -Adds metadata to a single tag that is used by the [Operation Object](#operationObject). +Adds metadata to a single tag that is used by the [Operation Object](#operation-object). It is not mandatory to have a Tag Object per tag defined in the Operation Object instances. ##### Fixed Fields | Field Name | Type | Description | | ------------------------------------------ | :-----------------------------------------------------------: | ---------------------------------------------------------------------------------------------------------------------- | -| name | `string` | **REQUIRED**. The name of the tag. | -| description | `string` | A description for the tag. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| externalDocs | [External Documentation Object](#externalDocumentationObject) | Additional external documentation for this tag. | +| name | `string` | **REQUIRED**. The name of the tag. | +| description | `string` | A description for the tag. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this tag. | -This object MAY be extended with [Specification Extensions](#specificationExtensions). +This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Tag Object Example @@ -2572,7 +2572,7 @@ name: pet description: Pets operations ``` -#### Reference Object +#### Reference Object A simple object to allow referencing other components in the OpenAPI document, internally and externally. @@ -2584,7 +2584,7 @@ For this specification, reference resolution is accomplished as defined by the J | Field Name | Type | Description | | ------------------------------- | :------: | ----------------------------------- | -| $ref | `string` | **REQUIRED**. The reference string. | +| $ref | `string` | **REQUIRED**. The reference string. | This object cannot be extended with additional properties and any properties added SHALL be ignored. @@ -2624,7 +2624,7 @@ $ref: Pet.yaml $ref: definitions.yaml#/Pet ``` -#### Schema Object +#### Schema Object The Schema Object allows the definition of input and output data types. These types can be objects, but also primitives and arrays. @@ -2657,18 +2657,18 @@ The following properties are taken directly from the JSON Schema definition and The following properties are taken from the JSON Schema definition but their definitions were adjusted to the OpenAPI Specification. * type - Value MUST be a string. Multiple types via an array are not supported. -* allOf - Inline or referenced schema MUST be of a [Schema Object](#schemaObject) and not a standard JSON Schema. -* oneOf - Inline or referenced schema MUST be of a [Schema Object](#schemaObject) and not a standard JSON Schema. -* anyOf - Inline or referenced schema MUST be of a [Schema Object](#schemaObject) and not a standard JSON Schema. -* not - Inline or referenced schema MUST be of a [Schema Object](#schemaObject) and not a standard JSON Schema. -* items - Value MUST be an object and not an array. Inline or referenced schema MUST be of a [Schema Object](#schemaObject) and not a standard JSON Schema. `items` MUST be present if the `type` is `array`. -* properties - Property definitions MUST be a [Schema Object](#schemaObject) and not a standard JSON Schema (inline or referenced). -* additionalProperties - Value can be boolean or object. Inline or referenced schema MUST be of a [Schema Object](#schemaObject) and not a standard JSON Schema. Consistent with JSON Schema, `additionalProperties` defaults to `true`. +* allOf - Inline or referenced schema MUST be of a [Schema Object](#schema-object) and not a standard JSON Schema. +* oneOf - Inline or referenced schema MUST be of a [Schema Object](#schema-object) and not a standard JSON Schema. +* anyOf - Inline or referenced schema MUST be of a [Schema Object](#schema-object) and not a standard JSON Schema. +* not - Inline or referenced schema MUST be of a [Schema Object](#schema-object) and not a standard JSON Schema. +* items - Value MUST be an object and not an array. Inline or referenced schema MUST be of a [Schema Object](#schema-object) and not a standard JSON Schema. `items` MUST be present if the `type` is `array`. +* properties - Property definitions MUST be a [Schema Object](#schema-object) and not a standard JSON Schema (inline or referenced). +* additionalProperties - Value can be boolean or object. Inline or referenced schema MUST be of a [Schema Object](#schema-object) and not a standard JSON Schema. Consistent with JSON Schema, `additionalProperties` defaults to `true`. * description - [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. -* format - See [Data Type Formats](#dataTypeFormat) for further details. While relying on JSON Schema's defined formats, the OAS offers a few additional predefined formats. +* format - See [Data Type Formats](#data-type-format) for further details. While relying on JSON Schema's defined formats, the OAS offers a few additional predefined formats. * default - The default value represents what would be assumed by the consumer of the input as the value of the schema if one is not provided. Unlike JSON Schema, the value MUST conform to the defined type for the Schema Object defined at the same level. For example, if `type` is `string`, then `default` can be `"foo"` but cannot be `1`. -Alternatively, any time a Schema Object can be used, a [Reference Object](#referenceObject) can be used in its place. This allows referencing definitions instead of defining them inline. +Alternatively, any time a Schema Object can be used, a [Reference Object](#reference-object) can be used in its place. This allows referencing definitions instead of defining them inline. Additional properties defined by the JSON Schema specification that are not mentioned here are strictly unsupported. @@ -2678,35 +2678,35 @@ Other than the JSON Schema subset fields, the following fields MAY be used for f | Field Name | Type | Description | | ----------------------------------------------- | :-----------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| nullable | `boolean` | A `true` value adds `"null"` to the allowed type specified by the `type` keyword, only if `type` is explicitly defined within the same Schema Object. Other Schema Object constraints retain their defined behavior, and therefore may disallow the use of `null` as a value. A `false` value leaves the specified or default `type` unmodified. The default value is `false`. | -| discriminator | [Discriminator Object](#discriminatorObject) | Adds support for polymorphism. The discriminator is used to determine which of a set of schemas a payload is expected to satisfy. See [Composition and Inheritance](#schemaComposition) for more details. | -| readOnly | `boolean` | Relevant only for Schema `"properties"` definitions. Declares the property as "read only". This means that it MAY be sent as part of a response but SHOULD NOT be sent as part of the request. If the property is marked as `readOnly` being `true` and is in the `required` list, the `required` will take effect on the response only. A property MUST NOT be marked as both `readOnly` and `writeOnly` being `true`. Default value is `false`. | -| writeOnly | `boolean` | Relevant only for Schema `"properties"` definitions. Declares the property as "write only". Therefore, it MAY be sent as part of a request but SHOULD NOT be sent as part of the response. If the property is marked as `writeOnly` being `true` and is in the `required` list, the `required` will take effect on the request only. A property MUST NOT be marked as both `readOnly` and `writeOnly` being `true`. Default value is `false`. | -| xml | [XML Object](#xmlObject) | This MAY be used only on properties schemas. It has no effect on root schemas. Adds additional metadata to describe the XML representation of this property. | -| externalDocs | [External Documentation Object](#externalDocumentationObject) | Additional external documentation for this schema. | -| example | Any | A free-form property to include an example of an instance for this schema. To represent examples that cannot be naturally represented in JSON or YAML, a string value can be used to contain the example with escaping where necessary. | -| deprecated | `boolean` | Specifies that a schema is deprecated and SHOULD be transitioned out of usage. Default value is `false`. | +| nullable | `boolean` | A `true` value adds `"null"` to the allowed type specified by the `type` keyword, only if `type` is explicitly defined within the same Schema Object. Other Schema Object constraints retain their defined behavior, and therefore may disallow the use of `null` as a value. A `false` value leaves the specified or default `type` unmodified. The default value is `false`. | +| discriminator | [Discriminator Object](#discriminator-object) | Adds support for polymorphism. The discriminator is used to determine which of a set of schemas a payload is expected to satisfy. See [Composition and Inheritance](#composition-and-inheritance-polymorphism) for more details. | +| readOnly | `boolean` | Relevant only for Schema `"properties"` definitions. Declares the property as "read only". This means that it MAY be sent as part of a response but SHOULD NOT be sent as part of the request. If the property is marked as `readOnly` being `true` and is in the `required` list, the `required` will take effect on the response only. A property MUST NOT be marked as both `readOnly` and `writeOnly` being `true`. Default value is `false`. | +| writeOnly | `boolean` | Relevant only for Schema `"properties"` definitions. Declares the property as "write only". Therefore, it MAY be sent as part of a request but SHOULD NOT be sent as part of the response. If the property is marked as `writeOnly` being `true` and is in the `required` list, the `required` will take effect on the request only. A property MUST NOT be marked as both `readOnly` and `writeOnly` being `true`. Default value is `false`. | +| xml | [XML Object](#xml-object) | This MAY be used only on properties schemas. It has no effect on root schemas. Adds additional metadata to describe the XML representation of this property. | +| externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this schema. | +| example | Any | A free-form property to include an example of an instance for this schema. To represent examples that cannot be naturally represented in JSON or YAML, a string value can be used to contain the example with escaping where necessary. | +| deprecated | `boolean` | Specifies that a schema is deprecated and SHOULD be transitioned out of usage. Default value is `false`. | -This object MAY be extended with [Specification Extensions](#specificationExtensions). +This object MAY be extended with [Specification Extensions](#specification-extensions). -###### Composition and Inheritance (Polymorphism) +###### Composition and Inheritance (Polymorphism) The OpenAPI Specification allows combining and extending model definitions using the `allOf` property of JSON Schema, in effect offering model composition. `allOf` takes an array of object definitions that are validated _independently_ but together compose a single object. While composition offers model extensibility, it does not imply a hierarchy between the models. -To support polymorphism, the OpenAPI Specification adds the [`discriminator`](#schemaDiscriminator) field. +To support polymorphism, the OpenAPI Specification adds the [`discriminator`](#schema-discriminator) field. When used, the `discriminator` indicates the name of the property that hints which schema definition is expected to validate the structure of the model. As such, the `discriminator` field MUST be a required field. There are two ways to define the value of a discriminator for an inheriting instance. * Use the schema name. -* [Override the schema name](#discriminatorMapping) by overriding the property with a new value. If a new value exists, this takes precedence over the schema name. +* [Override the schema name](#discriminator-mapping) by overriding the property with a new value. If a new value exists, this takes precedence over the schema name. ###### XML Modeling -The [xml](#schemaXml) property allows extra definitions when translating the JSON definition to XML. -The [XML Object](#xmlObject) contains additional information about the available options. +The [xml](#schema-xml) property allows extra definitions when translating the JSON definition to XML. +The [XML Object](#xml-object) contains additional information about the available options. ##### Schema Object Examples @@ -3015,7 +3015,7 @@ components: - packSize ``` -#### Discriminator Object +#### Discriminator Object When request bodies or response payloads may be one of a number of different schemas, a Discriminator Object gives a hint about the expected schema of the document. This hint can be used to aid in serialization, deserialization, and validation. @@ -3027,8 +3027,8 @@ Note that `discriminator` MUST NOT change the validation outcome of the schema. | Field Name | Type | Description | | ------------------------------------------- | :---------------------: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| propertyName | `string` | **REQUIRED**. The name of the property in the payload that will hold the discriminating value. This property SHOULD be required in the payload schema, as the behavior when the property is absent is undefined. | -| mapping | Map[`string`, `string`] | An object to hold mappings between payload values and schema names or URI references. | +| propertyName | `string` | **REQUIRED**. The name of the property in the payload that will hold the discriminating value. This property SHOULD be required in the payload schema, as the behavior when the property is absent is undefined. | +| mapping | Map[`string`, `string`] | An object to hold mappings between payload values and schema names or URI references. | ##### Conditions for Using the Discriminator Object @@ -3037,7 +3037,7 @@ The Discriminator Object is legal only when using one of the composite keywords In both the `oneOf` and `anyOf` use cases, where those keywords are adjacent to `discriminator`, all possible schemas MUST be listed explicitly. To avoid redundancy, the discriminator MAY be added to a parent schema definition, and all schemas building on the parent schema via an `allOf` construct may be used as an alternate schema. -It is implementation-defined as to whether all named [Schema Objects](#schemaObject) under the [Components Object](#componentsObject), or only those that are otherwise directly referenced are searched for `allOf` references to the parent schema. +It is implementation-defined as to whether all named [Schema Objects](#schema-object) under the [Components Object](#components-object), or only those that are otherwise directly referenced are searched for `allOf` references to the parent schema. However, it is RECOMMENDED to search all named schemas in the Components Object because it is common with the `allOf` usage for other parts of the API to only directly reference the parent schema. The `allOf` form of `discriminator` is _only_ useful for non-validation use cases; validation with the parent schema with this form of `discriminator` _does not_ perform a search for child schemas or use them in validation in any way. @@ -3047,7 +3047,7 @@ The behavior of any configuration of `oneOf`, `anyOf`, `allOf` and `discriminato ##### Options for Mapping Values to Schemas -The value of the property named in `propertyName` is used as the name of the associated schema under the [Components Object](#componentsObject), _unless_ a `mapping` is present for that value. +The value of the property named in `propertyName` is used as the name of the associated schema under the [Components Object](#components-object), _unless_ a `mapping` is present for that value. The `mapping` entry maps a specific property value to either a different schema component name, or to a schema identified by a URI. When using implicit or explicit schema component names, inline `oneOf` or `anyOf` subschemas are not considered. The behavior of a `mapping` value that is both a valid schema name and a valid relative URI reference is implementation-defined, but it is RECOMMENDED that it be treated as a schema name. @@ -3056,9 +3056,9 @@ To ensure that an ambiguous value (e.g. `"foo"`) is treated as a relative URI re Mapping keys MUST be string values, but tooling MAY convert response values to strings for comparison. However, the exact nature of such conversions are implementation-defined. -##### Examples +##### Examples -For these examples, assume all schemas are in the entry OpenAPI document; for handling of `discriminator` in referenced documents see [Resolving Implicit Connections](#resolvingImplicitConnections). +For these examples, assume all schemas are in the entry OpenAPI document; for handling of `discriminator` in referenced documents see [Resolving Implicit Connections](#resolving-implicit-connections). In OAS 3.0, a response payload MAY be described to be exactly one of any number of types: @@ -3175,7 +3175,7 @@ will indicate that the `#/components/schemas/Cat` schema is expected to match. L will map to `#/components/schemas/Dog` because the `dog` entry in the `mapping` element maps to `Dog` which is the schema name for `#/components/schemas/Dog`. -#### XML Object +#### XML Object A metadata object that allows for more fine-tuned XML model definitions. @@ -3186,13 +3186,13 @@ See examples for expected behavior. | Field Name | Type | Description | | ------------------------------------ | :-------: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| name | `string` | Replaces the name of the element/attribute used for the described schema property. When defined within `items`, it will affect the name of the individual XML elements within the list. When defined alongside `type` being `array` (outside the `items`), it will affect the wrapping element and only if `wrapped` is `true`. If `wrapped` is `false`, it will be ignored. | -| namespace | `string` | The URI of the namespace definition. Value MUST be in the form of a non-relative URI. | -| prefix | `string` | The prefix to be used for the [name](#xmlName). | -| attribute | `boolean` | Declares whether the property definition translates to an attribute instead of an element. Default value is `false`. | -| wrapped | `boolean` | MAY be used only for an array definition. Signifies whether the array is wrapped (for example, ``) or unwrapped (``). Default value is `false`. The definition takes effect only when defined alongside `type` being `array` (outside the `items`). | +| name | `string` | Replaces the name of the element/attribute used for the described schema property. When defined within `items`, it will affect the name of the individual XML elements within the list. When defined alongside `type` being `array` (outside the `items`), it will affect the wrapping element and only if `wrapped` is `true`. If `wrapped` is `false`, it will be ignored. | +| namespace | `string` | The URI of the namespace definition. Value MUST be in the form of a non-relative URI. | +| prefix | `string` | The prefix to be used for the [name](#xml-name). | +| attribute | `boolean` | Declares whether the property definition translates to an attribute instead of an element. Default value is `false`. | +| wrapped | `boolean` | MAY be used only for an array definition. Signifies whether the array is wrapped (for example, ``) or unwrapped (``). Default value is `false`. The definition takes effect only when defined alongside `type` being `array` (outside the `items`). | -This object MAY be extended with [Specification Extensions](#specificationExtensions). +This object MAY be extended with [Specification Extensions](#specification-extensions). The `namespace` field is intended to match the syntax of [XML namespaces](https://www.w3.org/TR/xml-names11/), although there are a few caveats: @@ -3202,7 +3202,7 @@ The `namespace` field is intended to match the syntax of [XML namespaces](https: ##### XML Object Examples -Each of the following examples represent the value of the `properties` keyword in a [Schema Object](#schemaObject) that is omitted for brevity. +Each of the following examples represent the value of the `properties` keyword in a [Schema Object](#schema-object) that is omitted for brevity. The JSON and YAML representations of the `properties` value are followed by an example XML representation produced for the single property shown. ###### No XML Element @@ -3226,7 +3226,7 @@ animals: ... ``` -Basic string array property ([`wrapped`](#xmlWrapped) is `false` by default): +Basic string array property ([`wrapped`](#xml-wrapped) is `false` by default): ```json { @@ -3535,7 +3535,7 @@ animals: ``` -#### Security Scheme Object +#### Security Scheme Object Defines a security scheme that can be used by the operations. @@ -3546,16 +3546,16 @@ Please note that as of 2020, the implicit flow is about to be deprecated by [OAu | Field Name | Type | Applies To | Description | | ------------------------------------------------------------- | :-------------------------------------: | ------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| type | `string` | Any | **REQUIRED**. The type of the security scheme. Valid values are `"apiKey"`, `"http"`, `"oauth2"`, `"openIdConnect"`. | -| description | `string` | Any | A description for security scheme. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| name | `string` | `apiKey` | **REQUIRED**. The name of the header, query or cookie parameter to be used. | -| in | `string` | `apiKey` | **REQUIRED**. The location of the API key. Valid values are `"query"`, `"header"` or `"cookie"`. | -| scheme | `string` | `http` | **REQUIRED**. The name of the HTTP Authentication scheme to be used in the [Authorization header as defined in RFC7235](https://tools.ietf.org/html/rfc7235#section-5.1). The values used SHOULD be registered in the [IANA Authentication Scheme registry](https://www.iana.org/assignments/http-authschemes/http-authschemes.xhtml). The value is case-insensitive, as defined in [RFC7235](https://datatracker.ietf.org/doc/html/rfc7235#section-2.1). | -| bearerFormat | `string` | `http` (`"bearer"`) | A hint to the client to identify how the bearer token is formatted. Bearer tokens are usually generated by an authorization server, so this information is primarily for documentation purposes. | -| flows | [OAuth Flows Object](#oauthFlowsObject) | `oauth2` | **REQUIRED**. An object containing configuration information for the flow types supported. | -| openIdConnectUrl | `string` | `openIdConnect` | **REQUIRED**. [Well-known URL](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig) to discover the [[OpenID-Connect-Discovery]] [provider metadata](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata). | +| type | `string` | Any | **REQUIRED**. The type of the security scheme. Valid values are `"apiKey"`, `"http"`, `"oauth2"`, `"openIdConnect"`. | +| description | `string` | Any | A description for security scheme. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| name | `string` | `apiKey` | **REQUIRED**. The name of the header, query or cookie parameter to be used. | +| in | `string` | `apiKey` | **REQUIRED**. The location of the API key. Valid values are `"query"`, `"header"` or `"cookie"`. | +| scheme | `string` | `http` | **REQUIRED**. The name of the HTTP Authentication scheme to be used in the [Authorization header as defined in RFC7235](https://tools.ietf.org/html/rfc7235#section-5.1). The values used SHOULD be registered in the [IANA Authentication Scheme registry](https://www.iana.org/assignments/http-authschemes/http-authschemes.xhtml). The value is case-insensitive, as defined in [RFC7235](https://datatracker.ietf.org/doc/html/rfc7235#section-2.1). | +| bearerFormat | `string` | `http` (`"bearer"`) | A hint to the client to identify how the bearer token is formatted. Bearer tokens are usually generated by an authorization server, so this information is primarily for documentation purposes. | +| flows | [OAuth Flows Object](#oauth-flows-object) | `oauth2` | **REQUIRED**. An object containing configuration information for the flow types supported. | +| openIdConnectUrl | `string` | `openIdConnect` | **REQUIRED**. [Well-known URL](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig) to discover the [[OpenID-Connect-Discovery]] [provider metadata](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata). | -This object MAY be extended with [Specification Extensions](#specificationExtensions). +This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Security Scheme Object Example @@ -3632,7 +3632,7 @@ flows: read:pets: read your pets ``` -#### OAuth Flows Object +#### OAuth Flows Object Allows configuration of the supported OAuth Flows. @@ -3640,14 +3640,14 @@ Allows configuration of the supported OAuth Flows. | Field Name | Type | Description | | ----------------------------------------------------------- | :-----------------------------------: | ---------------------------------------------------------------------------------------------------- | -| implicit | [OAuth Flow Object](#oauthFlowObject) | Configuration for the OAuth Implicit flow | -| password | [OAuth Flow Object](#oauthFlowObject) | Configuration for the OAuth Resource Owner Password flow | -| clientCredentials | [OAuth Flow Object](#oauthFlowObject) | Configuration for the OAuth Client Credentials flow. Previously called `application` in OpenAPI 2.0. | -| authorizationCode | [OAuth Flow Object](#oauthFlowObject) | Configuration for the OAuth Authorization Code flow. Previously called `accessCode` in OpenAPI 2.0. | +| implicit | [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Implicit flow | +| password | [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Resource Owner Password flow | +| clientCredentials | [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Client Credentials flow. Previously called `application` in OpenAPI 2.0. | +| authorizationCode | [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Authorization Code flow. Previously called `accessCode` in OpenAPI 2.0. | -This object MAY be extended with [Specification Extensions](#specificationExtensions). +This object MAY be extended with [Specification Extensions](#specification-extensions). -#### OAuth Flow Object +#### OAuth Flow Object Configuration details for a supported OAuth Flow @@ -3655,12 +3655,12 @@ Configuration details for a supported OAuth Flow | Field Name | Type | Applies To | Description | | -------------------------------------------------------- | :---------------------: | --------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------- | -| authorizationUrl | `string` | `oauth2` (`"implicit"`, `"authorizationCode"`) | **REQUIRED**. The authorization URL to be used for this flow. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. | -| tokenUrl | `string` | `oauth2` (`"password"`, `"clientCredentials"`, `"authorizationCode"`) | **REQUIRED**. The token URL to be used for this flow. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. | -| refreshUrl | `string` | `oauth2` | The URL to be used for obtaining refresh tokens. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. | -| scopes | Map[`string`, `string`] | `oauth2` | **REQUIRED**. The available scopes for the OAuth2 security scheme. A map between the scope name and a short description for it. The map MAY be empty. | +| authorizationUrl | `string` | `oauth2` (`"implicit"`, `"authorizationCode"`) | **REQUIRED**. The authorization URL to be used for this flow. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. | +| tokenUrl | `string` | `oauth2` (`"password"`, `"clientCredentials"`, `"authorizationCode"`) | **REQUIRED**. The token URL to be used for this flow. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. | +| refreshUrl | `string` | `oauth2` | The URL to be used for obtaining refresh tokens. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. | +| scopes | Map[`string`, `string`] | `oauth2` | **REQUIRED**. The available scopes for the OAuth2 security scheme. A map between the scope name and a short description for it. The map MAY be empty. | -This object MAY be extended with [Specification Extensions](#specificationExtensions). +This object MAY be extended with [Specification Extensions](#specification-extensions). ##### OAuth Flow Object Examples @@ -3703,21 +3703,21 @@ flows: read:pets: read your pets ``` -#### Security Requirement Object +#### Security Requirement Object Lists the required security schemes to execute this operation. -The name used for each property MUST correspond to a security scheme declared in the [Security Schemes](#componentsSecuritySchemes) under the [Components Object](#componentsObject). +The name used for each property MUST correspond to a security scheme declared in the [Security Schemes](#security-scheme-object) under the [Components Object](#components-object). Security Requirement Objects that contain multiple schemes require that all schemes MUST be satisfied for a request to be authorized. This enables support for scenarios where multiple query parameters or HTTP headers are required to convey security information. -When a list of Security Requirement Objects is defined on the [OpenAPI Object](#oasObject) or [Operation Object](#operationObject), only one of the Security Requirement Objects in the list needs to be satisfied to authorize the request. +When a list of Security Requirement Objects is defined on the [OpenAPI Object](#openapi-object) or [Operation Object](#operation-object), only one of the Security Requirement Objects in the list needs to be satisfied to authorize the request. ##### Patterned Fields | Field Pattern | Type | Description | | --------------------------------------------- | :--------: | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| {name} | [`string`] | Each name MUST correspond to a security scheme which is declared in the [Security Schemes](#componentsSecuritySchemes) under the [Components Object](#componentsObject). If the security scheme is of type `"oauth2"` or `"openIdConnect"`, then the value is a list of scope names required for the execution, and the list MAY be empty if authorization does not require a specified scope. For other security scheme types, the array MUST be empty. | +| {name} | [`string`] | Each name MUST correspond to a security scheme which is declared in the [Security Schemes](#security-scheme-object) under the [Components Object](#components-object). If the security scheme is of type `"oauth2"` or `"openIdConnect"`, then the value is a list of scope names required for the execution, and the list MAY be empty if authorization does not require a specified scope. For other security scheme types, the array MUST be empty. | ##### Security Requirement Object Examples @@ -3772,7 +3772,7 @@ security: ###### Security Requirement in a Referenced Document -See [Resolving Implicit Connections](#resolvingImplicitConnections) for more information. +See [Resolving Implicit Connections](#resolving-implicit-connections) for more information. First, our entry document is where parsing begins. It defines the `MySecurity` security scheme to be JWT-based, and it defines a Path Item as a reference to a component in another document: @@ -3864,9 +3864,9 @@ components: - MySecurity: [] ``` -In the `other` document, the referenced path item has a Security Requirement for a Security Scheme, `MySecurity`. The same Security Scheme exists in the original entry document. As outlined in [Resolving Implicit Connections](#resolvingImplicitConnections), `MySecurity` is resolved with an [implementation-defined behavior](#undefinedAndImplementationDefinedBehavior). However, documented in that section, it is RECOMMENDED that tools resolve component names from the [entry document](#documentStructure). As with all implementation-defined behavior, it is important to check tool documentation to determine which behavior is supported. +In the `other` document, the referenced path item has a Security Requirement for a Security Scheme, `MySecurity`. The same Security Scheme exists in the original entry document. As outlined in [Resolving Implicit Connections](#resolving-implicit-connections), `MySecurity` is resolved with an [implementation-defined behavior](#undefined-and-implementation-defined-behavior). However, documented in that section, it is RECOMMENDED that tools resolve component names from the [entry document](#openapi-description-structure). As with all implementation-defined behavior, it is important to check tool documentation to determine which behavior is supported. -### Specification Extensions +### Specification Extensions While the OpenAPI Specification tries to accommodate most use cases, additional data can be added to extend the specification at certain points. @@ -3874,7 +3874,7 @@ The extensions properties are implemented as patterned fields that are always pr | Field Pattern | Type | Description | | -------------------------------- | :--: | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| ^x- | Any | Allows extensions to the OpenAPI Schema. The field name MUST begin with `x-`, for example, `x-internal-id`. The value can be any valid JSON value (`null`, a primitive, an array or an object.) | +| ^x- | Any | Allows extensions to the OpenAPI Schema. The field name MUST begin with `x-`, for example, `x-internal-id`. The value can be any valid JSON value (`null`, a primitive, an array or an object.) | The OpenAPI Initiative maintains several [[OpenAPI-Registry|extension registries]], including registries for [individual extension keywords](https://spec.openapis.org/registry/extension/) and [extension keyword namespaces](https://spec.openapis.org/registry/namespace/). @@ -3883,7 +3883,7 @@ It is therefore RECOMMENDED that implementations be designed for extensibility t Support for any one extension is OPTIONAL, and support for one extension does not imply support for others. -### Security Filtering +### Security Filtering Some objects in the OpenAPI Specification MAY be declared and remain empty, or be completely removed, even though they are inherently the core of the API documentation. @@ -3892,8 +3892,8 @@ While not part of the specification itself, certain libraries MAY choose to allo Two examples of this: -1. The [Paths Object](#pathsObject) MAY be present but empty. It may be counterintuitive, but this may tell the viewer that they got to the right place, but can't access any documentation. They would still have access to at least the [Info Object](#infoObject) which may contain additional information regarding authentication. -2. The [Path Item Object](#pathItemObject) MAY be empty. In this case, the viewer will be aware that the path exists, but will not be able to see any of its operations or parameters. This is different from hiding the path itself from the [Paths Object](#pathsObject), because the user will be aware of its existence. This allows the documentation provider to finely control what the viewer can see. +1. The [Paths Object](#paths-object) MAY be present but empty. It may be counterintuitive, but this may tell the viewer that they got to the right place, but can't access any documentation. They would still have access to at least the [Info Object](#info-object) which may contain additional information regarding authentication. +2. The [Path Item Object](#path-item-object) MAY be empty. In this case, the viewer will be aware that the path exists, but will not be able to see any of its operations or parameters. This is different from hiding the path itself from the [Paths Object](#paths-object), because the user will be aware of its existence. This allows the documentation provider to finely control what the viewer can see. ## Security Considerations @@ -3922,7 +3922,7 @@ OpenAPI description documents may contain references to external resources that Certain properties allow the use of Markdown which can contain HTML including script. It is the responsibility of tooling to appropriately sanitize the Markdown. -## Appendix A: Revision History +## Appendix A: Revision History | Version | Date | Notes | | --------- | ---------- | ------------------------------------------------- | @@ -3940,14 +3940,14 @@ Certain properties allow the use of Markdown which can contain HTML including sc | 1.1 | 2012-08-22 | Release of Swagger 1.1 | | 1.0 | 2011-08-10 | First release of the Swagger Specification | -## Appendix B: Data Type Conversion +## Appendix B: Data Type Conversion Serializing typed data to plain text, which can occur in `text/plain` message bodies or `multipart` parts, as well as in the `application/x-www-form-urlencoded` format in either URL query strings or message bodies, involves significant implementation- or application-defined behavior. Schema Objects validate data based on the [JSON Schema data model](https://tools.ietf.org/html/draft-wright-json-schema-00#section-4.2), which only recognizes four primitive data types: strings (which are [only broadly interoperable as UTF-8](https://datatracker.ietf.org/doc/html/rfc7159#section-8.1)), numbers, booleans, and `null`. Notably, integers are not a distinct type from other numbers, with `type: integer` being a convenience defined mathematically, rather than based on the presence or absence of a decimal point in any string representation. -The [Parameter Object](#parameterObject), [Header Object](#headerObject) and [Encoding Object](#encodingObject) offer features to control how to arrange values from array or object types. +The [Parameter Object](#parameter-object), [Header Object](#header-object) and [Encoding Object](#encoding-object) offer features to control how to arrange values from array or object types. They can also be used to control how strings are further encoded to avoid reserved or illegal characters. However, there is no general-purpose specification for converting schema-validated non-UTF-8 primitive data types (or entire arrays or objects) to strings. @@ -3968,14 +3968,14 @@ However, care must be taken with `format` to ensure that the specific formats ar Requiring input as pre-formatted, schema-validated strings also improves round-trip interoperability as not all programming languages and environments support the same data types. -## Appendix C: Using RFC6570 Implementations +## Appendix C: Using RFC6570 Implementations Serialization is defined in terms of RFC6570 URI Templates in two scenarios: | Object | Condition | | ------------------------------------ | ---------------------------------------------------------------------------------------------------------------- | -| [Parameter Object](#parameterObject) | When `schema` is present | -| [Encoding Object](#encodingObject) | When encoding for `application/x-www-form-urlencoded` and any of `style`, `explode`, or `allowReserved` are used | +| [Parameter Object](#parameter-object) | When `schema` is present | +| [Encoding Object](#encoding-object) | When encoding for `application/x-www-form-urlencoded` and any of `style`, `explode`, or `allowReserved` are used | Implementations of this specification MAY use an implementation of RFC6570 to perform variable expansion, however, some caveats apply. @@ -4121,7 +4121,7 @@ We'll also need to pre-process the values for `formulas` because while `/` and m Setting `allowReserved: true` does _not_ make reserved characters that are not allowed in URIs allowed, it just allows them to be _passed through expansion unchanged._ Therefore, any tooling still needs to percent-encode those characters because reserved expansion will not do it, but it _will_ leave the percent-encoded triples unchanged. -See also [Appendix E](#percentEncodingAndFormMediaTypes) for further guidance on percent-encoding and form media types, including guidance on handling the delimiter characters for `spaceDelimited`, `pipeDelimited`, and `deepObject` in parameter names and values. +See also [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for further guidance on percent-encoding and form media types, including guidance on handling the delimiter characters for `spaceDelimited`, `pipeDelimited`, and `deepObject` in parameter names and values. So here is our data structure that arranges the names and values to suit the template above, where values for `formulas` have `[]#&=+` pre-percent encoded (although only `+` appears in this example): @@ -4209,7 +4209,7 @@ This will expand to the result: ?%E2%9D%A4%EF%B8%8F=love%21 ``` -## Appendix D: Serializing Headers and Cookies +## Appendix D: Serializing Headers and Cookies RFC6570's percent-encoding behavior is not always appropriate for `in: header` and `in: cookie` parameters. In many cases, it is more appropriate to use `content` with a media type such as `text/plain` and require the application to assemble the correct string. @@ -4230,7 +4230,7 @@ Because implementations that rely on an RFC6570 implementation and those that pe For multiple values, `style: form` is always incorrect as name=value pairs in cookies are delimited by `;` (a semicolon followed by a space character) rather than `&`. -## Appendix E: Percent-Encoding and Form Media Types +## Appendix E: Percent-Encoding and Form Media Types _**NOTE:** In this section, the `application/x-www-form-urlencoded` and `multipart/form-data` media types are abbreviated as `form-urlencoded` and `form-data`, respectively, for readability._ @@ -4251,7 +4251,7 @@ Reserved characters with no special meaning defined within a component can be le However, other specifications can define special meanings, requiring percent-encoding for those characters outside of the additional special meanings. The `form-urlencoded` media type defines special meanings for `=` and `&` as delimiters, and `+` as the replacement for the space character (instead of its percent-encoded form of `%20`). -This means that while these three characters are reserved-but-allowed in query strings by RFC3986, they must be percent-encoded in `form-urlencoded` query strings except when used for their `form-urlencoded` purposes; see [Appendix C](#usingRFC6570Implementations) for an example of handling `+` in form values. +This means that while these three characters are reserved-but-allowed in query strings by RFC3986, they must be percent-encoded in `form-urlencoded` query strings except when used for their `form-urlencoded` purposes; see [Appendix C](#appendix-c-using-rfc6570-implementations) for an example of handling `+` in form values. ### Percent-Encoding and `form-data` @@ -4274,10 +4274,10 @@ This specification normatively cites the following relevant standards: | [[RFC6570]] | 03/2012 | style-based serialization | [[RFC3986]] | does not use `+` for form‑urlencoded | | [RFC1866](https://datatracker.ietf.org/doc/html/rfc1866#section-8.2.1) | 11/1995 | content-based serialization | [[RFC1738]] | obsoleted by [[HTML401]] [Section 17.13.4.1](https://www.w3.org/TR/html401/interact/forms.html#h-17.13.4.1), [[URL]] [Section 5](https://url.spec.whatwg.org/#urlencoded-serializing) | -Style-based serialization is used in the [Parameter Object](#parameterObject) when `schema` is present, and in the [Encoding Object](#encodingObject) when at least one of `style`, `explode`, or `allowReserved` is present. -See [Appendix C](#usingRFC6570Implementations) for more details of RFC6570's two different approaches to percent-encoding, including an example involving `+`. +Style-based serialization is used in the [Parameter Object](#parameter-object) when `schema` is present, and in the [Encoding Object](#encoding-object) when at least one of `style`, `explode`, or `allowReserved` is present. +See [Appendix C](#appendix-c-using-rfc6570-implementations) for more details of RFC6570's two different approaches to percent-encoding, including an example involving `+`. -Content-based serialization is defined by the [Media Type Object](#mediaTypeObject), and used with the [Parameter Object](#parameterObject) when the `content` field is present, and with the [Encoding Object](#encodingObject) based on the `contentType` field when the style fields listed in the previous section are absent. +Content-based serialization is defined by the [Media Type Object](#media-type-object), and used with the [Parameter Object](#parameter-object) when the `content` field is present, and with the [Encoding Object](#encoding-object) based on the `contentType` field when the style fields listed in the previous section are absent. Each part is encoded based on the media type (e.g. `text/plain` or `application/json`), and must then be percent-encoded for use in a `form-urlencoded` string. Note that content-based serialization for `form-data` does not expect or require percent-encoding in the data, only in per-part header values. @@ -4318,3 +4318,4 @@ Code that relies on leaving these delimiters unencoded, while using regular perc For maximum interoperability, it is RECOMMENDED to either define and document an additional escape convention while percent-encoding the delimiters for these styles, or to avoid these styles entirely. The exact method of additional encoding/escaping is left to the API designer, and is expected to be performed before serialization and encoding described in this specification, and reversed after this specification's encoding and serialization steps are reversed. This keeps it outside of the processes governed by this specification. + From 66c8168d26b828ea3e943a6b2ece38d1883a084e Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Mon, 5 Aug 2024 17:56:53 +0200 Subject: [PATCH 170/251] Improved request-response example --- versions/3.0.4.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 37d932d04e..856ab0dbe5 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -2036,17 +2036,21 @@ For example, given the following HTTP request: POST /subscribe/myevent?queryUrl=https://clientdomain.com/stillrunning HTTP/1.1 Host: example.org Content-Type: application/json -Content-Length: 187 +Content-Length: 188 { - "failedUrl" : "https://clientdomain.com/failed", - "successUrls" : [ + "failedUrl": "https://clientdomain.com/failed", + "successUrls": [ "https://clientdomain.com/fast", "https://clientdomain.com/medium", "https://clientdomain.com/slow" ] } +``` + +resulting in: +```http 201 Created Location: https://example.org/subscription/1 ``` From 06460d1755975f8bf47f9387aca64c311ff1b15c Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Wed, 7 Aug 2024 18:59:29 +0200 Subject: [PATCH 171/251] 3.0.4: minor nits --- versions/3.0.4.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 856ab0dbe5..6436da8ad2 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -102,7 +102,7 @@ For example, if a field has an array value, the JSON array representation will b All field names in the specification are **case sensitive**. This includes all fields that are used as keys in a map, except where explicitly noted that keys are **case insensitive**. -The [schema](#schema) exposes two types of fields: Fixed fields, which have a declared name, and Patterned fields, which declare a regex pattern for the field name. +The [schema](#schema) exposes two types of fields: _fixed fields_, which have a declared name, and _patterned fields_, which have a declared pattern for the field name. Patterned fields MUST have unique names within the containing object. @@ -117,8 +117,8 @@ In order to preserve the ability to round-trip between YAML and JSON formats, YA An OpenAPI Description (OAD) MAY be made up of a single document or be divided into multiple, connected parts at the discretion of the author. In the latter case, [Reference Object](#reference-object) and [Path Item Object](#path-item-object) `$ref` keywords, as well as the [Link Object](#link-object) `operationRef` keyword, are used. -Any document consisting entirely of an OpenAPI Object is known as a **complete OpenAPI document**. -In a multi-document description, the document containing the [OpenAPI Object](#openapi-object) where parsing begins for a specific API's description is known as that API's **entry OpenAPI document**, or simply **entry document**. +Any document consisting entirely of an [OpenAPI Object](#openapi-object) is known as a **complete OpenAPI document**. +In a multi-document description, the document containing the OpenAPI Object where parsing begins for a specific API's description is known as that API's **entry OpenAPI document**, or simply **entry document**. It is RECOMMENDED that the entry OpenAPI document be named: `openapi.json` or `openapi.yaml`. @@ -143,7 +143,7 @@ In some cases, an unambiguous URI-based alternative is available, and OAD author | -------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | --------------------------------- | | [Security Requirement Object](#security-requirement-object) `{name}` | [Security Scheme Object](#security-scheme-object) name under the [Components Object](#components-object) | _n/a_ | | [Discriminator Object](#discriminator-object) `mapping` _(implicit, or explicit name syntax)_ | [Schema Object](#schema-object) name under the Components Object | `mapping` _(explicit URI syntax)_ | -| [Operation Object](#operation-object) `tags` | [Tag Object](#tag-object) `name` (in the Components Object) | _n/a_ | +| [Operation Object](#operation-object) `tags` | [Tag Object](#tag-object) `name` (in the [OpenAPI Object](#openapi-object)'s `tags` array) | _n/a_ | | [Link Object](#link-object) `operationId` | [Path Item Object](#path-item-object) `operationId` | `operationRef` | A fifth implicit connection involves appending the templated URL paths of the [Paths Object](#paths-object) to the appropriate [Server Object](#server-object)'s `url` field. From 433917819bc484877c3d550ae8ccff7ee6dd2d11 Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Wed, 7 Aug 2024 19:18:21 +0200 Subject: [PATCH 172/251] Section 4.3.2 --- versions/3.0.4.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 6436da8ad2..f7d8805a1d 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -143,7 +143,7 @@ In some cases, an unambiguous URI-based alternative is available, and OAD author | -------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | --------------------------------- | | [Security Requirement Object](#security-requirement-object) `{name}` | [Security Scheme Object](#security-scheme-object) name under the [Components Object](#components-object) | _n/a_ | | [Discriminator Object](#discriminator-object) `mapping` _(implicit, or explicit name syntax)_ | [Schema Object](#schema-object) name under the Components Object | `mapping` _(explicit URI syntax)_ | -| [Operation Object](#operation-object) `tags` | [Tag Object](#tag-object) `name` (in the [OpenAPI Object](#openapi-object)'s `tags` array) | _n/a_ | +| [Operation Object](#operation-object) `tags` | [Tag Object](#tag-object) `name` (in the [OpenAPI Object](#openapi-object)'s `tags` array) | _n/a_ | | [Link Object](#link-object) `operationId` | [Path Item Object](#path-item-object) `operationId` | `operationRef` | A fifth implicit connection involves appending the templated URL paths of the [Paths Object](#paths-object) to the appropriate [Server Object](#server-object)'s `url` field. @@ -158,7 +158,7 @@ The implicit connection of `tags` in the Operation Object uses the `name` field This means resolving component names and tag names both depend on starting from the correct OpenAPI Object. For resolving component and tag name connections from a referenced (non-entry) document, it is RECOMMENDED that tools resolve from the entry document, rather than the current document. -This allows Security Scheme Objects and Tag Objects to be defined with the API's deployment information (the top-level Server Objects), and treated as an interface for referenced documents to access. +This allows Security Scheme Objects and Tag Objects to be defined next to the API's deployment information (the top-level array of Server Objects), and treated as an interface for referenced documents to access. The interface approach can also work for Discriminator Objects and Schema Objects, but it is also possible to keep the Discriminator Object's behavior within a single document using the relative URI-reference syntax of `mapping`. @@ -168,7 +168,7 @@ These limitations are expected to be addressed in a future release. See [Security Requirement in a Referenced Document](#security-requirement-in-a-referenced-document) for an example of the possible resolutions, including which one is recommended by this section. The behavior for Discrimator Object non-URI mappings and for the Operation Object's `tags` field operate on the same principles. -Note that no aspect of implicit connection resolution changes how [URLs are resolved](#relative-references-in-urls), or restricts their possible targets. +Note that no aspect of implicit connection resolution changes how [URLs are resolved](#relative-references-in-urls) or restricts their possible targets. ### Data Types From 7f37999d41023a036c428a2487a9c28f0d9ecc34 Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Thu, 8 Aug 2024 15:20:57 +0200 Subject: [PATCH 173/251] servers array at different levels --- versions/3.0.4.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index f7d8805a1d..aba536a9f2 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -790,7 +790,7 @@ The path itself is still exposed to the documentation viewer but they will not k | head | [Operation Object](#operation-object) | A definition of a HEAD operation on this path. | | patch | [Operation Object](#operation-object) | A definition of a PATCH operation on this path. | | trace | [Operation Object](#operation-object) | A definition of a TRACE operation on this path. | -| servers | [[Server Object](#server-object)] | An alternative `server` array to service all operations in this path. If an alternative server object is specified at the Root level, it will be overridden by this value. | +| servers | [[Server Object](#server-object)] | An alternative `servers` array to service all operations in this path. If a `servers` array is specified at the [OpenAPI Object](#oas-servers) level, it will be overridden by this value. | | parameters | [[Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | A list of parameters that are applicable for all the operations described under this path. These parameters can be overridden at the operation level, but cannot be removed there. The list MUST NOT include duplicated parameters. A unique parameter is defined by a combination of a [name](#parameter-name) and [location](#parameter-in). The list can use the [Reference Object](#reference-object) to link to parameters that are defined at the [OpenAPI Object's components/parameters](#components-parameters). | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -898,7 +898,7 @@ Describes a single API operation on a path. | callbacks | Map[`string`, [Callback Object](#callback-object) \| [Reference Object](#reference-object)] | A map of possible out-of band callbacks related to the parent operation. The key is a unique identifier for the Callback Object. Each value in the map is a [Callback Object](#callback-object) that describes a request that may be initiated by the API provider and the expected responses. | | deprecated | `boolean` | Declares this operation to be deprecated. Consumers SHOULD refrain from usage of the declared operation. Default value is `false`. | | security | [[Security Requirement Object](#security-requirement-object)] | A declaration of which security mechanisms can be used for this operation. The list of values includes alternative security requirement objects that can be used. Only one of the security requirement objects need to be satisfied to authorize a request. To make security optional, an empty security requirement (`{}`) can be included in the array. This definition overrides any declared top-level [`security`](#oas-security). To remove a top-level security declaration, an empty array can be used. | -| servers | [[Server Object](#server-object)] | An alternative `server` array to service this operation. If an alternative `server` object is specified at the Path Item Object or Root level, it will be overridden by this value. | +| servers | [[Server Object](#server-object)] | An alternative `servers` array to service this operation. If a `servers` array is specified at the [Path Item Object](#path-item-servers) or [OpenAPI Object](#oas-servers) level, it will be overridden by this value. | This object MAY be extended with [Specification Extensions](#specification-extensions). From b5d529c3346dad4509cb1a157fbc553c1344c332 Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Thu, 8 Aug 2024 15:27:14 +0200 Subject: [PATCH 174/251] language, formatting --- versions/3.0.4.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index aba536a9f2..780b0a135c 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -791,7 +791,7 @@ The path itself is still exposed to the documentation viewer but they will not k | patch | [Operation Object](#operation-object) | A definition of a PATCH operation on this path. | | trace | [Operation Object](#operation-object) | A definition of a TRACE operation on this path. | | servers | [[Server Object](#server-object)] | An alternative `servers` array to service all operations in this path. If a `servers` array is specified at the [OpenAPI Object](#oas-servers) level, it will be overridden by this value. | -| parameters | [[Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | A list of parameters that are applicable for all the operations described under this path. These parameters can be overridden at the operation level, but cannot be removed there. The list MUST NOT include duplicated parameters. A unique parameter is defined by a combination of a [name](#parameter-name) and [location](#parameter-in). The list can use the [Reference Object](#reference-object) to link to parameters that are defined at the [OpenAPI Object's components/parameters](#components-parameters). | +| parameters | [[Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | A list of parameters that are applicable for all the operations described under this path. These parameters can be overridden at the operation level, but cannot be removed there. The list MUST NOT include duplicated parameters. A unique parameter is defined by a combination of a [name](#parameter-name) and [location](#parameter-in). The list can use the [Reference Object](#reference-object) to link to parameters that are defined in the [OpenAPI Object's `components.parameters`](#components-parameters). | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -892,7 +892,7 @@ Describes a single API operation on a path. | description | `string` | A verbose explanation of the operation behavior. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this operation. | | operationId | `string` | Unique string used to identify the operation. The id MUST be unique among all operations described in the API. The operationId value is **case-sensitive**. Tools and libraries MAY use the operationId to uniquely identify an operation, therefore, it is RECOMMENDED to follow common programming naming conventions. | -| parameters | [[Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | A list of parameters that are applicable for this operation. If a parameter is already defined at the [Path Item](#path-item-parameters), the new definition will override it but can never remove it. The list MUST NOT include duplicated parameters. A unique parameter is defined by a combination of a [name](#parameter-name) and [location](#parameter-in). The list can use the [Reference Object](#reference-object) to link to parameters that are defined at the [OpenAPI Object's components/parameters](#components-parameters). | +| parameters | [[Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | A list of parameters that are applicable for this operation. If a parameter is already defined in the [Path Item](#path-item-parameters), the new definition will override it but can never remove it. The list MUST NOT include duplicated parameters. A unique parameter is defined by a combination of a [name](#parameter-name) and [location](#parameter-in). The list can use the [Reference Object](#reference-object) to link to parameters that are defined in the [OpenAPI Object's `components.parameters`](#components-parameters). | | requestBody | [Request Body Object](#request-body-object) \| [Reference Object](#reference-object) | The request body applicable for this operation. The `requestBody` is only supported in HTTP methods where the HTTP 1.1 specification [RFC7231](https://tools.ietf.org/html/rfc7231#section-4.3.1) has explicitly defined semantics for request bodies. In other cases where the HTTP spec is vague (such as [GET](https://tools.ietf.org/html/rfc7231#section-4.3.1), [HEAD](https://tools.ietf.org/html/rfc7231#section-4.3.2) and [DELETE](https://tools.ietf.org/html/rfc7231#section-4.3.5)), `requestBody` SHALL be ignored by consumers. | | responses | [Responses Object](#responses-object) | **REQUIRED**. The list of possible responses as they are returned from executing this operation. | | callbacks | Map[`string`, [Callback Object](#callback-object) \| [Reference Object](#reference-object)] | A map of possible out-of band callbacks related to the parent operation. The key is a unique identifier for the Callback Object. Each value in the map is a [Callback Object](#callback-object) that describes a request that may be initiated by the API provider and the expected responses. | From 8abc73d2d2c3df16fede53347d84b549ed46f5f3 Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Thu, 8 Aug 2024 15:42:53 +0200 Subject: [PATCH 175/251] braces according to Wikipedia and two other uses of it in this document --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 780b0a135c..b85ade373b 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -372,7 +372,7 @@ An object representing a Server. | Field Name | Type | Description | | ------------------------------------------- | :------------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| url | `string` | **REQUIRED**. A URL to the target host. This URL supports Server Variables and MAY be relative, to indicate that the host location is relative to the location where the OpenAPI document is being served. Variable substitutions will be made when a variable is named in `{`brackets`}`. | +| url | `string` | **REQUIRED**. A URL to the target host. This URL supports Server Variables and MAY be relative, to indicate that the host location is relative to the location where the OpenAPI document is being served. Variable substitutions will be made when a variable is named in `{`braces`}`. | | description | `string` | An optional string describing the host designated by the URL. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | variables | Map[`string`, [Server Variable Object](#server-variable-object)] | A map between a variable name and its value. The value is used for substitution in the server's URL template. | From cb058444ba017ae4d2a4e63158bb19eb762ae2cd Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Thu, 8 Aug 2024 16:08:29 +0200 Subject: [PATCH 176/251] Mismatch between table description and table heading --- versions/3.0.4.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index b85ade373b..7a0edc151c 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1124,7 +1124,7 @@ Assume a parameter named `color` has one of the following values: ```text string -> "blue" - array -> ["blue","black","brown"] + array -> ["blue", "black", "brown"] object -> { "R": 100, "G": 200, "B": 150 } ``` @@ -1132,12 +1132,12 @@ The following table shows examples, as would be shown with the `example` or `exa * The value _empty_ denotes the empty string, and is unrelated to the `allowEmptyValue` field * The behavior of combinations marked _n/a_ is undefined -* The `undefined` replaces the `empty` column in previous versions of this specification in order to better align with [RFC6570](https://www.rfc-editor.org/rfc/rfc6570.html#section-2.3) terminology, which describes certain values including but not limited to `null` as "undefined" values with special handling; notably, the empty string is _not_ undefined +* The `undefined` column replaces the `empty` column in previous versions of this specification in order to better align with [RFC6570](https://www.rfc-editor.org/rfc/rfc6570.html#section-2.3) terminology, which describes certain values including but not limited to `null` as "undefined" values with special handling; notably, the empty string is _not_ undefined * For `form` and the non-RFC6570 query string styles `spaceDelimited`, `pipeDelimited`, and `deepObject`, each example is shown prefixed with `?` as if it were the only query parameter; see [Appendix C](#appendix-c-using-rfc6570-implementations) for more information on constructing query strings from multiple parameters, and [Appendix D](#appendix-d-serializing-headers-and-cookies) for warnings regarding `form` and cookie parameters * Note that the `?` prefix is not appropriate for serializing `application/x-www-form-urlencoded` HTTP message bodies, and MUST be stripped or (if constructing the string manually) not added when used in that context; see the [Encoding Object](#encoding-object) for more information * The examples are percent-encoded as required by RFC6570 and RFC3986; see [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for a thorough discussion of percent-encoding concerns, including why unencoded `|` (`%7C`), `[` (`%5B`), and `]` (`%5D`) seem to work in some environments despite not being compliant. -| [`style`](#style-values) | `explode` | `empty` | `string` | `array` | `object` | +| [`style`](#style-values) | `explode` | `undefined` | `string` | `array` | `object` | | ----------------------- | --------- | ------------------------------------------------- | ----------------------------------------------------- | ----------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------- | | matrix | false | ;color | ;color=blue | ;color=blue,black,brown | ;color=R,100,G,200,B,150 | | matrix | true | ;color | ;color=blue | ;color=blue;color=black;color=brown | ;R=100;G=200;B=150 | From 1aed970770f4493719a2962258440cff9c411db1 Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Thu, 8 Aug 2024 16:12:08 +0200 Subject: [PATCH 177/251] Update 3.0.4.md --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 7a0edc151c..40a425fc2d 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1156,7 +1156,7 @@ The following table shows examples, as would be shown with the `example` or `exa ##### Parameter Object Examples -A header parameter with an array of 64 bit integer numbers: +A header parameter with an array of 64-bit integer numbers: ```json { From 3a26bfc089aac376802a2bcdc12a637d2d758d8d Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Fri, 9 Aug 2024 09:49:24 +0200 Subject: [PATCH 178/251] Update 3.0.4.md --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 40a425fc2d..eb4951df59 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -59,7 +59,7 @@ Some examples of possible media type definitions: The HTTP Status Codes are used to indicate the status of the executed operation. Status codes SHOULD be selected from the available status codes registered in the [IANA Status Code Registry](https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml). -### HTTP and Case Sensitivity +### Case Sensitivity As most field names and values in the OpenAPI Specification are case-sensitive, this document endeavors to call out any case-insensitive names and values. However, the case sensitivity of field names and values that map directly to HTTP concepts follow the case sensitivity rules of HTTP, even if this document does not make a note of every concept. From cc550211011a58e291cb8cf9e07455d1d9d0ab5c Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Fri, 9 Aug 2024 11:58:06 +0200 Subject: [PATCH 179/251] Double-quotes around string values --- versions/3.0.4.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index eb4951df59..1cacc6f5ca 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1072,7 +1072,7 @@ These fields MAY be used with either `content` or `schema`. This object MAY be extended with [Specification Extensions](#specification-extensions). -Note that while `"Cookie"` as a `name` is not forbidden with `in: header`, the effect of defining a cookie parameter that way is undefined; use `in: cookie` instead. +Note that while `"Cookie"` as a `name` is not forbidden if `in` is `"header"`, the effect of defining a cookie parameter that way is undefined; use `in: "cookie"` instead. ###### Fixed Fields for use with `schema` @@ -1080,11 +1080,11 @@ For simpler scenarios, a [`schema`](#parameter-schema) and [`style`](#parameter- When `example` or `examples` are provided in conjunction with the `schema` object, the example SHOULD match the specified schema and follow the prescribed serialization strategy for the parameter. The `example` and `examples` fields are mutually exclusive, and if either is present it SHALL _override_ any `example` in the schema. -Serializing with `schema` is NOT RECOMMENDED for `in: cookie` parameters, `in: header` parameters that use HTTP header parameters (name=value pairs following a `;`) in their values, or `in: header` parameters where values might have non-URL-safe characters; see [Appendix D](#appendix-d-serializing-headers-and-cookies) for details. +Serializing with `schema` is NOT RECOMMENDED for `in: "cookie"` parameters, `in: "header"` parameters that use HTTP header parameters (name=value pairs following a `;`) in their values, or `in: "header"` parameters where values might have non-URL-safe characters; see [Appendix D](#appendix-d-serializing-headers-and-cookies) for details. | Field Name | Type | Description | | -------------------------------------------------- | :--------------------------------------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| style | `string` | Describes how the parameter value will be serialized depending on the type of the parameter value. Default values (based on value of `in`): for `query` - `form`; for `path` - `simple`; for `header` - `simple`; for `cookie` - `form`. | +| style | `string` | Describes how the parameter value will be serialized depending on the type of the parameter value. Default values (based on value of `in`): for `"query"` - `"form"`; for `"path"` - `"simple"`; for `"header"` - `"simple"`; for `"cookie"` - `"form"`. | | explode | `boolean` | When this is true, parameter values of type `array` or `object` generate separate parameters for each value of the array or key-value pair of the map. For other types of parameters this property has no effect. When [`style`](#parameter-style) is `form`, the default value is `true`. For all other styles, the default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. | | allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#section-3.2.3), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#section-3.4) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#appendix-c-using-rfc6570-implementations) and [E](#appendix-e-percent-encoding-and-form-media-types) for details. This property only applies to parameters with an `in` value of `query`. The default value is `false`. | | schema | [Schema Object](#schema-object) \| [Reference Object](#reference-object) | The schema defining the type used for the parameter. | @@ -1320,7 +1320,7 @@ Describes a single request body. | Field Name | Type | Description | | ------------------------------------------------ | :--------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | description | `string` | A brief description of the request body. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| content | Map[`string`, [Media Type Object](#media-type-object)] | **REQUIRED**. The content of the request body. The key is a media type or [media type range](https://tools.ietf.org/html/rfc7231#appendix-D) and the value describes it. For requests that match multiple keys, only the most specific key is applicable. e.g. text/plain overrides text/\* | +| content | Map[`string`, [Media Type Object](#media-type-object)] | **REQUIRED**. The content of the request body. The key is a media type or [media type range](https://tools.ietf.org/html/rfc7231#appendix-D) and the value describes it. For requests that match multiple keys, only the most specific key is applicable. e.g. `"text/plain"` overrides `"text/*"` | | required | `boolean` | Determines if the request body is required in the request. Defaults to `false`. | This object MAY be extended with [Specification Extensions](#specification-extensions). From 1fa3eda702ca21e4a02e1724f2ea13550fb185af Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Fri, 9 Aug 2024 13:12:10 +0200 Subject: [PATCH 180/251] Formatting of string values --- versions/3.0.4.md | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 1cacc6f5ca..55c7e17618 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1096,7 +1096,7 @@ See also [Appendix C: Using RFC6570 Implementations](#appendix-c-using-rfc6570-i ###### Fixed Fields for use with `content` For more complex scenarios, the [`content`](#parameter-content) property can define the media type and schema of the parameter, as well as give examples of its use. -Using `content` with a `text/plain` media type is RECOMMENDED for `in: header` and `in: cookie` parameters where the `schema` strategy is not appropriate. +Using `content` with a `text/plain` media type is RECOMMENDED for `in: "header"` and `in: "cookie"` parameters where the `schema` strategy is not appropriate. | Field Name | Type | Description | | -------------------------------------- | :--------------------------------------------------: | -------------------------------------------------------------------------------------------------------------------------------------------------- | @@ -1122,7 +1122,7 @@ See [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for a discus Assume a parameter named `color` has one of the following values: -```text +```json string -> "blue" array -> ["blue", "black", "brown"] object -> { "R": 100, "G": 200, "B": 150 } @@ -1487,7 +1487,7 @@ application/json: ##### Considerations for File Uploads -In contrast with the 2.0 specification, `file` input/output content in OpenAPI is described with the same semantics as any other schema type. Specifically: +In contrast to OpenAPI 2.0, `file` input/output content in OpenAPI 3 is described with the same semantics as any other schema type. Specifically: ```yaml # content transferred in binary (octet-stream): @@ -1531,18 +1531,18 @@ To upload multiple files, a `multipart` media type MUST be used as shown under [ ##### Support for x-www-form-urlencoded Request Bodies -See [Encoding the `x-www-form-urlencoded` Media Type](#encoding-the-x-www-form-urlencoded-media-type) for guidance and examples, both with and without the `encoding` attribute. +See [Encoding the `x-www-form-urlencoded` Media Type](#encoding-the-x-www-form-urlencoded-media-type) for guidance and examples, both with and without the `encoding` field. ##### Special Considerations for `multipart` Content -See [Encoding `multipart` Media Types](#encoding-multipart-media-types) for further guidance and examples, both with and without the `encoding` attribute. +See [Encoding `multipart` Media Types](#encoding-multipart-media-types) for further guidance and examples, both with and without the `encoding` field. #### Encoding Object A single encoding definition applied to a single schema property. See [Appendix B](#appendix-b-data-type-conversion) for a discussion of converting values of various types to string representations. -Properties are correlated with `multipart` parts using the `name` parameter to `Content-Disposition: form-data`, and with `application/x-www-form-urlencoded` using the query string parameter names. +Properties are correlated with `multipart` parts using the [`name` parameter](https://www.rfc-editor.org/rfc/rfc7578#section-4.2) of `Content-Disposition: form-data`, and with `application/x-www-form-urlencoded` using the query string parameter names. In both cases, their order is implementation-defined. See [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for a detailed examination of percent-encoding concerns for form media types. @@ -1579,7 +1579,7 @@ See [Appendix B](#appendix-b-data-type-conversion) for a discussion of data type | Field Name | Type | Description | | ------------------------------------------------- | :-------: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | style | `string` | Describes how a specific property value will be serialized depending on its type. See [Parameter Object](#parameter-object) for details on the [`style`](#parameter-style) property. The behavior follows the same values as `query` parameters, including default values. Note that the initial `?` used in query strings is not used in `application/x-www-form-urlencoded` message bodies, and MUST be removed (if using an RFC6570 implementation) or simply not added (if constructing the string manually). This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. | -| explode | `boolean` | When this is true, property values of type `array` or `object` generate separate parameters for each value of the array, or key-value-pair of the map. For other types of properties this property has no effect. When [`style`](#encoding-style) is `form`, the default value is `true`. For all other styles, the default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. | +| explode | `boolean` | When this is `true`, property values of type `array` or `object` generate separate parameters for each value of the array, or key-value-pair of the map. For other types of properties this property has no effect. When [`style`](#encoding-style) is `"form"`, the default value is `true`. For all other styles, the default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. | | allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#section-3.2.3), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#section-3.4) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#appendix-c-using-rfc6570-implementations) and [E](#appendix-e-percent-encoding-and-form-media-types) for details. The default value is `false`. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. | See also [Appendix C: Using RFC6570 Implementations](#appendix-c-using-rfc6570-implementations) for additional guidance. @@ -1595,7 +1595,7 @@ However, if all three of `style`, `explode`, and `allowReserved` fields are abse * All three keywords are to be entirely ignored, rather than treated as having their default values * Encoding is to be based on `contentType` alone, whether it is present with an explicit value or absent and treated as having its default value -Note that the presence of at least one of `style`, `explode`, or `allowReserved` with an explicit value is equivalent to using `schema` with `in: query` Parameter Objects. +Note that the presence of at least one of `style`, `explode`, or `allowReserved` with an explicit value is equivalent to using `schema` with `in: "query"` Parameter Objects. The absence of all three of those fields is the equivalent of using `content`, but with the media type specified in `contentType` rather than through a Media Type Object. ##### Encoding the `x-www-form-urlencoded` Media Type @@ -1607,7 +1607,7 @@ See [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for a detail ###### Example: URL Encoded Form with JSON Values -When there is no [`encoding` field](#media-type-encoding), the serialization strategy is based on the Encoding Object's default values: +When there is no [`encoding`](#media-type-encoding) field, the serialization strategy is based on the Encoding Object's default values: ```yaml requestBody: @@ -1687,7 +1687,7 @@ However, this is not guaranteed and the value would still need to be percent-dec ##### Encoding `multipart` Media Types -It is common to use `multipart/form-data` as a `Content-Type` when transferring forms as request bodies. In contrast to 2.0, a `schema` is REQUIRED to define the input parameters to the operation when using `multipart` content. This supports complex structures as well as supporting mechanisms for multiple file uploads. +It is common to use `multipart/form-data` as a `Content-Type` when transferring forms as request bodies. In contrast to OpenAPI 2.0, a `schema` is REQUIRED to define the input parameters to the operation when using `multipart` content. This supports complex structures as well as supporting mechanisms for multiple file uploads. The `form-data` disposition and its `name` parameter are mandatory for `multipart/form-data` ([RFC7578](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.2)). Array properties are handled by applying the same `name` to multiple parts, as is recommended by [RFC7578](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.3) for supplying multiple values per form field. @@ -1700,16 +1700,16 @@ Note that there are significant restrictions on what headers can be used with `m Note also that `Content-Transfer-Encoding` is deprecated for `multipart/form-data` ([RFC7578](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.7)) where binary data is supported, as it is in HTTP. -Using `format: byte` for a multipart field is equivalent to specifying an [Encoding Object](#encoding-object) with a `headers` field containing `Content-Transfer-Encoding` with a schema that requires the value `base64`. -If `format: byte` is used for a multipart field that has an Encoding Object with a `headers` field containing `Content-Transfer-Encoding` with a schema that disallows `base64`, the result is undefined for serialization and parsing. +Using `format: "byte"` for a multipart field is equivalent to specifying an [Encoding Object](#encoding-object) with a `headers` field containing `Content-Transfer-Encoding` with a schema that requires the value `base64`. +If `format: "byte"` is used for a multipart field that has an Encoding Object with a `headers` field containing `Content-Transfer-Encoding` with a schema that disallows `base64`, the result is undefined for serialization and parsing. -Per the JSON Schema specification, `contentMediaType` without `contentEncoding` present is treated as if `contentEncoding: identity` were present. While useful for embedding text documents such as `text/html` into JSON strings, it is not useful for a `multipart/form-data` part, as it just causes the document to be treated as `text/plain` instead of its actual media type. Use the Encoding Object without `contentMediaType` if no `contentEncoding` is required. +Per the JSON Schema specification, `contentMediaType` without `contentEncoding` present is treated as if `contentEncoding: "identity"` were present. While useful for embedding text documents such as `text/html` into JSON strings, it is not useful for a `multipart/form-data` part, as it just causes the document to be treated as `text/plain` instead of its actual media type. Use the Encoding Object without `contentMediaType` if no `contentEncoding` is required. See [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for a detailed examination of percent-encoding concerns for form media types. ###### Example: Basic Multipart Form -When the `encoding` attribute is _not_ used, the encoding is determined by the Encoding Object's defaults: +When the `encoding` field is _not_ used, the encoding is determined by the Encoding Object's defaults: ```yaml requestBody: @@ -2304,7 +2304,7 @@ Because of the potential for name clashes, the `operationRef` syntax is preferre for multi-document OpenAPI descriptions. Note that it is not possible to provide a constant value to `parameters` that matches the syntax of a runtime expression. -It is possible to have ambiguous parameter names, e.g. `name: id, in: path` and `name: path.id, in: query`; this is NOT RECOMMENDED and the behavior is implementation-defined, however implementations SHOULD prefer the qualified interpretation (`path.id` as a path parameter), as the names can always be qualified to disambiguate them (e.g. using `query.path.id` for the query parameter). +It is possible to have ambiguous parameter names, e.g. `name: "id", in: "path"` and `name: "path.id", in: "query"`; this is NOT RECOMMENDED and the behavior is implementation-defined, however implementations SHOULD prefer the qualified interpretation (`path.id` as a path parameter), as the names can always be qualified to disambiguate them (e.g. using `query.path.id` for the query parameter). ##### Examples @@ -4215,17 +4215,17 @@ This will expand to the result: ## Appendix D: Serializing Headers and Cookies -RFC6570's percent-encoding behavior is not always appropriate for `in: header` and `in: cookie` parameters. +RFC6570's percent-encoding behavior is not always appropriate for `in: "header"` and `in: "cookie"` parameters. In many cases, it is more appropriate to use `content` with a media type such as `text/plain` and require the application to assemble the correct string. -For both cookies ([RFC6265](https://www.rfc-editor.org/rfc/rfc6265)) and HTTP headers using the structured fields ([RFC8941](https://www.rfc-editor.org/rfc/rfc8941)) syntax, non-ASCII content is handled using base64 encoding (`format: byte`). +For both cookies ([RFC6265](https://www.rfc-editor.org/rfc/rfc6265)) and HTTP headers using the structured fields ([RFC8941](https://www.rfc-editor.org/rfc/rfc8941)) syntax, non-ASCII content is handled using base64 encoding (`format: "byte"`). Note that the standard base64 encoding alphabet includes non-URL-safe characters that are percent-encoded by RFC6570 expansion; serializing values through both encodings is NOT RECOMMENDED. Most HTTP headers predate the structured field syntax, and a comprehensive assessment of their syntax and encoding rules is well beyond the scope of this specification. While [RFC8187](https://www.rfc-editor.org/rfc/rfc8187) recommends percent-encoding HTTP field (header or trailer) parameters, these parameters appear after a `;` character. -With `style: simple`, that delimiter would itself be percent-encoded, violating the general HTTP field syntax. +With `style: "simple"`, that delimiter would itself be percent-encoded, violating the general HTTP field syntax. -Using `style: form` with `in: cookie` is ambiguous for a single value, and incorrect for multiple values. +Using `style: "form"` with `in: "cookie"` is ambiguous for a single value, and incorrect for multiple values. This is true whether the multiple values are the result of using `explode: true` or not. This style is specified to be equivalent to RFC6570 form expansion which includes the `?` character (see Appendix C for more details), which is not part of the cookie syntax. From 22a15531ccd60e163ad7a0bcec2db6cbdb5b5811 Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Fri, 9 Aug 2024 13:15:05 +0200 Subject: [PATCH 181/251] Style Examples values --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 55c7e17618..61ed113e2a 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1122,7 +1122,7 @@ See [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for a discus Assume a parameter named `color` has one of the following values: -```json +```js string -> "blue" array -> ["blue", "black", "brown"] object -> { "R": 100, "G": 200, "B": 150 } From 70325c4e1a048cf0a74d5249f5885f126364534b Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Fri, 9 Aug 2024 13:22:27 +0200 Subject: [PATCH 182/251] Responses --- versions/3.0.4.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 61ed113e2a..81f2d52d96 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1822,7 +1822,7 @@ call. | Field Pattern | Type | Description | | ---------------------------------------------------------- | :------------------------------------------------------------------------: | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| [HTTP Status Code](#http-status-codes) | [Response Object](#response-object) \| [Reference Object](#reference-object) | Any [HTTP status code](#http-status-codes) can be used as the property name, but only one property per code, to describe the expected response for that HTTP status code. A [Reference Object](#reference-object) can link to a response that is defined in the [OpenAPI Object's components/responses](#components-responses) section. This field MUST be enclosed in quotation marks (for example, "200") for compatibility between JSON and YAML. To define a range of response codes, this field MAY contain the uppercase wildcard character `X`. For example, `2XX` represents all response codes between `[200-299]`. Only the following range definitions are allowed: `1XX`, `2XX`, `3XX`, `4XX`, and `5XX`. If a response is defined using an explicit code, the explicit code definition takes precedence over the range definition for that code. | +| [HTTP Status Code](#http-status-codes) | [Response Object](#response-object) \| [Reference Object](#reference-object) | Any [HTTP status code](#http-status-codes) can be used as the property name, but only one property per code, to describe the expected response for that HTTP status code. A [Reference Object](#reference-object) can link to a response that is defined in the [OpenAPI Object's components/responses](#components-responses) section. This field MUST be enclosed in quotation marks (for example, "200") for compatibility between JSON and YAML. To define a range of response codes, this field MAY contain the uppercase wildcard character `X`. For example, `2XX` represents all response codes between `200` and `299`. Only the following range definitions are allowed: `1XX`, `2XX`, `3XX`, `4XX`, and `5XX`. If a response is defined using an explicit code, the explicit code definition takes precedence over the range definition for that code. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -1872,7 +1872,7 @@ default: #### Response Object -Describes a single response from an API Operation, including design-time, static +Describes a single response from an API operation, including design-time, static `links` to operations based on the response. ##### Fixed Fields @@ -1881,7 +1881,7 @@ Describes a single response from an API Operation, including design-time, static | --------------------------------------------- | :-----------------------------------------------------------------------------------: | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | description | `string` | **REQUIRED**. A description of the response. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | Maps a header name to its definition. [RFC7230](https://tools.ietf.org/html/rfc7230#section-3.2) states header names are case insensitive. If a response header is defined with the name `"Content-Type"`, it SHALL be ignored. | -| content | Map[`string`, [Media Type Object](#media-type-object)] | A map containing descriptions of potential response payloads. The key is a media type or [media type range](https://tools.ietf.org/html/rfc7231#appendix-D) and the value describes it. For responses that match multiple keys, only the most specific key is applicable. e.g. text/plain overrides text/\* | +| content | Map[`string`, [Media Type Object](#media-type-object)] | A map containing descriptions of potential response payloads. The key is a media type or [media type range](https://tools.ietf.org/html/rfc7231#appendix-D) and the value describes it. For responses that match multiple keys, only the most specific key is applicable. e.g. `"text/plain"` overrides `"text/*"` | | links | Map[`string`, [Link Object](#link-object) \| [Reference Object](#reference-object)] | A map of operations links that can be followed from the response. The key of the map is a short name for the link, following the naming constraints of the names for [Component Objects](#components-object). | This object MAY be extended with [Specification Extensions](#specification-extensions). From 2b010419258977264336abc4bd50b59578c52dbb Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Fri, 9 Aug 2024 13:33:10 +0200 Subject: [PATCH 183/251] X Object always with Capital O --- versions/3.0.4.md | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 81f2d52d96..2a5d002ee2 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -249,7 +249,7 @@ This is the root object of the [OpenAPI document](#openapi-description). | servers | [[Server Object](#server-object)] | An array of Server Objects, which provide connectivity information to a target server. If the `servers` property is not provided, or is an empty array, the default value would be a [Server Object](#server-object) with a [url](#server-url) value of `/`. | | paths | [Paths Object](#paths-object) | **REQUIRED**. The available paths and operations for the API. | | components | [Components Object](#components-object) | An element to hold various schemas for the document. | -| security | [[Security Requirement Object](#security-requirement-object)] | A declaration of which security mechanisms can be used across the API. The list of values includes alternative security requirement objects that can be used. Only one of the security requirement objects need to be satisfied to authorize a request. Individual operations can override this definition. To make security optional, an empty security requirement (`{}`) can be included in the array. | +| security | [[Security Requirement Object](#security-requirement-object)] | A declaration of which security mechanisms can be used across the API. The list of values includes alternative Security Requirement Objects that can be used. Only one of the Security Requirement Objects need to be satisfied to authorize a request. Individual operations can override this definition. To make security optional, an empty security requirement (`{}`) can be included in the array. | | tags | [[Tag Object](#tag-object)] | A list of tags used by the document with additional metadata. The order of the tags can be used to reflect on their order by the parsing tools. Not all tags that are used by the [Operation Object](#operation-object) must be declared. The tags that are not declared MAY be organized randomly or based on the tools' logic. Each tag name in the list MUST be unique. | | externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation. | @@ -487,7 +487,7 @@ This object MAY be extended with [Specification Extensions](#specification-exten #### Components Object Holds a set of reusable objects for different aspects of the OAS. -All objects defined within the components object will have no effect on the API unless they are explicitly referenced from properties outside the components object. +All objects defined within the Components Object will have no effect on the API unless they are explicitly referenced from properties outside the Components Object. ##### Fixed Fields @@ -897,7 +897,7 @@ Describes a single API operation on a path. | responses | [Responses Object](#responses-object) | **REQUIRED**. The list of possible responses as they are returned from executing this operation. | | callbacks | Map[`string`, [Callback Object](#callback-object) \| [Reference Object](#reference-object)] | A map of possible out-of band callbacks related to the parent operation. The key is a unique identifier for the Callback Object. Each value in the map is a [Callback Object](#callback-object) that describes a request that may be initiated by the API provider and the expected responses. | | deprecated | `boolean` | Declares this operation to be deprecated. Consumers SHOULD refrain from usage of the declared operation. Default value is `false`. | -| security | [[Security Requirement Object](#security-requirement-object)] | A declaration of which security mechanisms can be used for this operation. The list of values includes alternative security requirement objects that can be used. Only one of the security requirement objects need to be satisfied to authorize a request. To make security optional, an empty security requirement (`{}`) can be included in the array. This definition overrides any declared top-level [`security`](#oas-security). To remove a top-level security declaration, an empty array can be used. | +| security | [[Security Requirement Object](#security-requirement-object)] | A declaration of which security mechanisms can be used for this operation. The list of values includes alternative Security Requirement Objects that can be used. Only one of the Security Requirement Objects need to be satisfied to authorize a request. To make security optional, an empty security requirement (`{}`) can be included in the array. This definition overrides any declared top-level [`security`](#oas-security). To remove a top-level security declaration, an empty array can be used. | | servers | [[Server Object](#server-object)] | An alternative `servers` array to service this operation. If a `servers` array is specified at the [Path Item Object](#path-item-servers) or [OpenAPI Object](#oas-servers) level, it will be overridden by this value. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -1077,7 +1077,7 @@ Note that while `"Cookie"` as a `name` is not forbidden if `in` is `"header"`, t ###### Fixed Fields for use with `schema` For simpler scenarios, a [`schema`](#parameter-schema) and [`style`](#parameter-style) can describe the structure and syntax of the parameter. -When `example` or `examples` are provided in conjunction with the `schema` object, the example SHOULD match the specified schema and follow the prescribed serialization strategy for the parameter. +When `example` or `examples` are provided in conjunction with the `schema` field, the example SHOULD match the specified schema and follow the prescribed serialization strategy for the parameter. The `example` and `examples` fields are mutually exclusive, and if either is present it SHALL _override_ any `example` in the schema. Serializing with `schema` is NOT RECOMMENDED for `in: "cookie"` parameters, `in: "header"` parameters that use HTTP header parameters (name=value pairs following a `;`) in their values, or `in: "header"` parameters where values might have non-URL-safe characters; see [Appendix D](#appendix-d-serializing-headers-and-cookies) for details. @@ -1805,7 +1805,7 @@ The container maps a HTTP response code to the expected response. The documentation is not necessarily expected to cover all possible HTTP response codes because they may not be known in advance. However, documentation is expected to cover a successful operation response and any known errors. -The `default` MAY be used as a default response object for all HTTP codes +The `default` MAY be used as a default Response Object for all HTTP codes that are not covered individually by the Responses Object. The Responses Object MUST contain at least one response code, and if only one @@ -2013,7 +2013,7 @@ description: object created A map of possible out-of band callbacks related to the parent operation. Each value in the map is a [Path Item Object](#path-item-object) that describes a set of requests that may be initiated by the API provider and the expected responses. -The key value used to identify the path item object is an expression, evaluated at runtime, that identifies a URL to use for the callback operation. +The key value used to identify the Path Item Object is an expression, evaluated at runtime, that identifies a URL to use for the callback operation. ##### Patterned Fields @@ -2070,7 +2070,7 @@ The following examples show how the various expressions evaluate, assuming the c ##### Callback Object Examples -The following example uses the user provided `queryUrl` query string parameter to define the callback URL. This is an example of how to use a callback object to describe a WebHook callback that goes with the subscription operation to enable registering for the WebHook. +The following example uses the user provided `queryUrl` query string parameter to define the callback URL. This is an example of how to use a Callback Object to describe a WebHook callback that goes with the subscription operation to enable registering for the WebHook. ```yaml myCallback: @@ -2138,7 +2138,7 @@ The mutually exclusive fields in the Parameter or Media Type Objects are used to The exact serialization and encoding is determined by various fields in the Parameter Object, or in the Media Type Object's [Encoding Object](#encoding-object). Because examples using these fields represent the final serialized form of the data, they SHALL _override_ any `example` in the corresponding Schema Object. -The singular `example` field in the Parameter or Media Type object is concise and convenient for simple examples, but does not offer any other advantages over using Example Objects under `examples`. +The singular `example` field in the Parameter or Media Type Object is concise and convenient for simple examples, but does not offer any other advantages over using Example Objects under `examples`. Some examples cannot be represented directly in JSON or YAML. For all three ways of providing examples, these can be shown as string values with any escaping necessary to make the string valid in the JSON or YAML format of the OpenAPI Description document. @@ -2475,11 +2475,11 @@ This object MAY be extended with [Specification Extensions](#specification-exten ###### Fixed Fields for use with `schema` For simpler scenarios, a [`schema`](#header-schema) and [`style`](#header-style) can describe the structure and syntax of the header. -When `example` or `examples` are provided in conjunction with the `schema` object, the example MUST follow the prescribed serialization strategy for the header. +When `example` or `examples` are provided in conjunction with the `schema` field, the example MUST follow the prescribed serialization strategy for the header. Serializing with `schema` is NOT RECOMMENDED for headers with parameters (name=value pairs following a `;`) in their values, or where values might have non-URL-safe characters; see [Appendix D](#appendix-d-serializing-headers-and-cookies) for details. -When `example` or `examples` are provided in conjunction with the `schema` object, the example SHOULD match the specified schema and follow the prescribed serialization strategy for the header. +When `example` or `examples` are provided in conjunction with the `schema` field, the example SHOULD match the specified schema and follow the prescribed serialization strategy for the header. The `example` and `examples` fields are mutually exclusive, and if either is present it SHALL _override_ any `example` in the schema. | Field Name | Type | Description | @@ -4054,7 +4054,7 @@ words: #### RFC6570-Equivalent Expansion -This array of parameter objects uses regular `style: form` expansion, fully supported by RFC6570: +This array of Parameter Objects uses regular `style: "form"` expansion, fully supported by RFC6570: ```YAML parameters: From 4aaeaa91e101548936489f28752e567548661810 Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Fri, 9 Aug 2024 16:29:23 +0200 Subject: [PATCH 184/251] casing --- versions/3.0.4.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 2a5d002ee2..a1c65b7a63 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -2063,7 +2063,7 @@ The following examples show how the various expressions evaluate, assuming the c | $method | POST | | $request.path.eventType | myevent | | $request.query.queryUrl | | -| $request.header.content-Type | application/json | +| $request.header.content-type | application/json | | $request.body#/failedUrl | | | $request.body#/successUrls/1 | | | $response.header.Location | | @@ -2128,8 +2128,8 @@ Tooling implementations MAY choose to validate compatibility automatically, and #### Working With Examples Example Objects can be used in both [Parameter Objects](#parameter-object) and [Media Type Objects](#media-type-object). -In both Objects, this is done through the `examples` (plural) field. -However, there are two other ways to provide examples: The `example` (singular) field that is mutually exclusive with `examples` in both Objects, and the `example` (singular) field in the [Schema Object](#schema-object) that appears in the `schema` field of both Objects. +In both objects, this is done through the `examples` (plural) field. +However, there are two other ways to provide examples: The `example` (singular) field that is mutually exclusive with `examples` in both objects, and the `example` (singular) field in the [Schema Object](#schema-object) that appears in the `schema` field of both objects. Each of these fields has slightly different considerations. The Schema Object's `example` field is used to show example values without regard to how they might be formatted as parameters or within media type representations. From ddbab4a57fccaf6374071f36618e291416970e3d Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Fri, 9 Aug 2024 16:38:58 +0200 Subject: [PATCH 185/251] Pure YAML --- versions/3.0.4.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index a1c65b7a63..a87590b8bf 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -2157,10 +2157,12 @@ requestBody: examples: foo: summary: A foo example - value: { 'foo': 'bar' } + value: + foo: bar bar: summary: A bar example - value: { 'bar': 'baz' } + value: + bar: baz application/xml: examples: xmlExample: From 91e85770d7c51947ce160a1f8ca978583dddfe6e Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Fri, 9 Aug 2024 16:56:18 +0200 Subject: [PATCH 186/251] Fewer commas, formatting, ABNF indentation --- versions/3.0.4.md | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index a87590b8bf..6b0028e85a 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -2285,7 +2285,7 @@ The presence of a link does not guarantee the caller's ability to successfully i Unlike _dynamic_ links (i.e. links provided **in** the response payload), the OAS linking mechanism does not require link information in the runtime response. -For computing links, and providing instructions to execute them, a [runtime expression](#runtime-expressions) is used for accessing values in an operation and using them as parameters while invoking the linked operation. +For computing links and providing instructions to execute them, a [runtime expression](#runtime-expressions) is used for accessing values in an operation and using them as parameters while invoking the linked operation. ##### Fixed Fields @@ -2372,10 +2372,10 @@ links: ``` Clients follow all links at their discretion. -Neither permissions, nor the capability to make a successful call to that link, is guaranteed +Neither permissions nor the capability to make a successful call to that link is guaranteed solely by the existence of a relationship. -##### OperationRef Examples +##### `operationRef` Examples As references to `operationId` MAY NOT be possible (the `operationId` is an optional field in an [Operation Object](#operation-object)), references MAY also be made through a relative `operationRef`: @@ -2400,8 +2400,8 @@ links: username: $response.body#/username ``` -Note that in the use of `operationRef`, the _escaped forward-slash_ is necessary when -using JSON Pointer, and it is necessary to URL-encode `{` and `}` as `%7B` and `%7D`, respectively when using JSON Pointer as URI fragments. +Note that in the use of `operationRef` the _escaped forward-slash_ is necessary when +using JSON Pointer, and it is necessary to URL-encode `{` and `}` as `%7B` and `%7D`, respectively, when using JSON Pointer as URI fragments. ##### Runtime Expressions @@ -2411,22 +2411,22 @@ This mechanism is used by [Link Objects](#link-object) and [Callback Objects](#c The runtime expression is defined by the following [ABNF](https://tools.ietf.org/html/rfc5234) syntax ```abnf - expression = ( "$url" / "$method" / "$statusCode" / "$request." source / "$response." source ) - source = ( header-reference / query-reference / path-reference / body-reference ) + expression = "$url" / "$method" / "$statusCode" / "$request." source / "$response." source + source = header-reference / query-reference / path-reference / body-reference header-reference = "header." token - query-reference = "query." name - path-reference = "path." name - body-reference = "body" ["#" json-pointer ] + query-reference = "query." name + path-reference = "path." name + body-reference = "body" ["#" json-pointer ] json-pointer = *( "/" reference-token ) reference-token = *( unescaped / escaped ) unescaped = %x00-2E / %x30-7D / %x7F-10FFFF - ; %x2F ('/') and %x7E ('~') are excluded from 'unescaped' + ; %x2F ('/') and %x7E ('~') are excluded from 'unescaped' escaped = "~" ( "0" / "1" ) - ; representing '~' and '/', respectively + ; representing '~' and '/', respectively name = *( CHAR ) token = 1*tchar - tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*" / "+" / "-" / "." / - "^" / "_" / "`" / "|" / "~" / DIGIT / ALPHA + tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*" / "+" / "-" / "." + / "^" / "_" / "`" / "|" / "~" / DIGIT / ALPHA ``` Here, `json-pointer` is taken from [RFC6901](https://tools.ietf.org/html/rfc6901), `char` from [RFC7159](https://tools.ietf.org/html/rfc7159#section-7) and `token` from [RFC7230](https://tools.ietf.org/html/rfc7230#section-3.2.6). From 35edf646fe122e8a8219bf9c50f97d27ac881439 Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Fri, 9 Aug 2024 17:12:58 +0200 Subject: [PATCH 187/251] Formatting of string value --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 6b0028e85a..7e7a336cf8 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -2486,7 +2486,7 @@ The `example` and `examples` fields are mutually exclusive, and if either is pre | Field Name | Type | Description | | ------------------------------------- | :--------------------------------------------------------------------------------------: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| style | `string` | Describes how the header value will be serialized. The default (and only legal value for headers) is `simple`. | +| style | `string` | Describes how the header value will be serialized. The default (and only legal value for headers) is `"simple"`. | | explode | `boolean` | When this is true, header values of type `array` or `object` generate a single header whose value is a comma-separated list of the array items or key-value pairs of the map, see [Style Examples](#style-examples). For other data types this property has no effect. The default value is `false`. | | schema | [Schema Object](#schema-object) \| [Reference Object](#reference-object) | The schema defining the type used for the header. | | example | Any | Example of the header's potential value; see [Working With Examples](#working-with-examples). | From 439e8eb9da4194e600ad830aeb1740287d08fe14 Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Mon, 12 Aug 2024 09:30:10 +0200 Subject: [PATCH 188/251] Second pattern is problematic See https://github.com/OAI/OpenAPI-Specification/pull/3818#issuecomment-2282862601 --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 7e7a336cf8..ba4b7c95dd 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -4020,7 +4020,7 @@ parameters: type: string ``` -This example is equivalent to RFC6570's `{?foo*,bar}`, and **_NOT_** `{?foo*}{&bar}`, which is problematic because if `foo` is not defined, the result will be an invalid URI. +This example is equivalent to RFC6570's `{?foo*,bar}`, and **_NOT_** `{?foo*}{&bar}`. The latter is problematic because if `foo` is not defined, the result will be an invalid URI. The `&` prefix operator has no equivalent in the Parameter Object. Note that RFC6570 does not specify behavior for compound values beyond the single level addressed by `explode`. The results of using objects or arrays where no behavior is clearly specified for them is implementation-defined. From b12c1b24bf8ed8ece8d57403dfeebac67222322e Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Mon, 12 Aug 2024 11:35:07 +0200 Subject: [PATCH 189/251] Rephrased to avoid contradicting other spec text --- versions/3.0.4.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index ba4b7c95dd..7dca3d22cf 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -2458,7 +2458,7 @@ The Header Object follows the structure of the [Parameter Object](#parameter-obj 1. `name` MUST NOT be specified, it is given in the corresponding `headers` map. 1. `in` MUST NOT be specified, it is implicitly in `header`. -1. All traits that are affected by the location MUST be applicable to a location of `header` (for example, [`style`](#parameter-style)). This means that `allowEmptyValue` and `allowReserved` MUST NOT be used, and `style`, if used, MUST be limited to `simple`. +1. All traits that are affected by the location MUST be applicable to a location of `header` (for example, [`style`](#parameter-style)). This means that `allowEmptyValue` and `allowReserved` MUST NOT be used, and `style`, if used, MUST be limited to `"simple"`. ##### Fixed Fields @@ -2684,7 +2684,7 @@ Other than the JSON Schema subset fields, the following fields MAY be used for f | Field Name | Type | Description | | ----------------------------------------------- | :-----------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| nullable | `boolean` | A `true` value adds `"null"` to the allowed type specified by the `type` keyword, only if `type` is explicitly defined within the same Schema Object. Other Schema Object constraints retain their defined behavior, and therefore may disallow the use of `null` as a value. A `false` value leaves the specified or default `type` unmodified. The default value is `false`. | +| nullable | `boolean` | A `true` value adds `null` to the allowed values in addition to values of the type specified by the `type` keyword, and only if `type` is explicitly defined within the same Schema Object. Other Schema Object constraints retain their defined behavior, and therefore may disallow the use of `null` as a value. A `false` value leaves the specified or default `type` unmodified. The default value is `false`. | | discriminator | [Discriminator Object](#discriminator-object) | Adds support for polymorphism. The discriminator is used to determine which of a set of schemas a payload is expected to satisfy. See [Composition and Inheritance](#composition-and-inheritance-polymorphism) for more details. | | readOnly | `boolean` | Relevant only for Schema `"properties"` definitions. Declares the property as "read only". This means that it MAY be sent as part of a response but SHOULD NOT be sent as part of the request. If the property is marked as `readOnly` being `true` and is in the `required` list, the `required` will take effect on the response only. A property MUST NOT be marked as both `readOnly` and `writeOnly` being `true`. Default value is `false`. | | writeOnly | `boolean` | Relevant only for Schema `"properties"` definitions. Declares the property as "write only". Therefore, it MAY be sent as part of a request but SHOULD NOT be sent as part of the response. If the property is marked as `writeOnly` being `true` and is in the `required` list, the `required` will take effect on the request only. A property MUST NOT be marked as both `readOnly` and `writeOnly` being `true`. Default value is `false`. | From 9f1f1ebe151a05dee85ec4fd4fb3857169c107f6 Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Mon, 12 Aug 2024 13:20:36 +0200 Subject: [PATCH 190/251] Schema Object --- versions/3.0.4.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 7dca3d22cf..7d37d5c1bb 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1816,13 +1816,13 @@ call. | Field Name | Type | Description | | -------------------------------------- | :------------------------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| default | [Response Object](#response-object) \| [Reference Object](#reference-object) | The documentation of responses other than the ones declared for specific HTTP response codes. Use this field to cover undeclared responses. A [Reference Object](#reference-object) can link to a response that the [OpenAPI Object's components/responses](#components-responses) section defines. | +| default | [Response Object](#response-object) \| [Reference Object](#reference-object) | The documentation of responses other than the ones declared for specific HTTP response codes. Use this field to cover undeclared responses. A [Reference Object](#reference-object) can link to a response that the [OpenAPI Object's `components.responses`](#components-responses) section defines. | ##### Patterned Fields | Field Pattern | Type | Description | | ---------------------------------------------------------- | :------------------------------------------------------------------------: | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| [HTTP Status Code](#http-status-codes) | [Response Object](#response-object) \| [Reference Object](#reference-object) | Any [HTTP status code](#http-status-codes) can be used as the property name, but only one property per code, to describe the expected response for that HTTP status code. A [Reference Object](#reference-object) can link to a response that is defined in the [OpenAPI Object's components/responses](#components-responses) section. This field MUST be enclosed in quotation marks (for example, "200") for compatibility between JSON and YAML. To define a range of response codes, this field MAY contain the uppercase wildcard character `X`. For example, `2XX` represents all response codes between `200` and `299`. Only the following range definitions are allowed: `1XX`, `2XX`, `3XX`, `4XX`, and `5XX`. If a response is defined using an explicit code, the explicit code definition takes precedence over the range definition for that code. | +| [HTTP Status Code](#http-status-codes) | [Response Object](#response-object) \| [Reference Object](#reference-object) | Any [HTTP status code](#http-status-codes) can be used as the property name, but only one property per code, to describe the expected response for that HTTP status code. A [Reference Object](#reference-object) can link to a response that is defined in the [OpenAPI Object's `components.responses`](#components-responses) section. This field MUST be enclosed in quotation marks (for example, "200") for compatibility between JSON and YAML. To define a range of response codes, this field MAY contain the uppercase wildcard character `X`. For example, `2XX` represents all response codes between `200` and `299`. Only the following range definitions are allowed: `1XX`, `2XX`, `3XX`, `4XX`, and `5XX`. If a response is defined using an explicit code, the explicit code definition takes precedence over the range definition for that code. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -2667,12 +2667,12 @@ The following properties are taken from the JSON Schema definition but their def * oneOf - Inline or referenced schema MUST be of a [Schema Object](#schema-object) and not a standard JSON Schema. * anyOf - Inline or referenced schema MUST be of a [Schema Object](#schema-object) and not a standard JSON Schema. * not - Inline or referenced schema MUST be of a [Schema Object](#schema-object) and not a standard JSON Schema. -* items - Value MUST be an object and not an array. Inline or referenced schema MUST be of a [Schema Object](#schema-object) and not a standard JSON Schema. `items` MUST be present if the `type` is `array`. +* items - Value MUST be an object and not an array. Inline or referenced schema MUST be of a [Schema Object](#schema-object) and not a standard JSON Schema. `items` MUST be present if `type` is `"array"`. * properties - Property definitions MUST be a [Schema Object](#schema-object) and not a standard JSON Schema (inline or referenced). * additionalProperties - Value can be boolean or object. Inline or referenced schema MUST be of a [Schema Object](#schema-object) and not a standard JSON Schema. Consistent with JSON Schema, `additionalProperties` defaults to `true`. * description - [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. * format - See [Data Type Formats](#data-type-format) for further details. While relying on JSON Schema's defined formats, the OAS offers a few additional predefined formats. -* default - The default value represents what would be assumed by the consumer of the input as the value of the schema if one is not provided. Unlike JSON Schema, the value MUST conform to the defined type for the Schema Object defined at the same level. For example, if `type` is `string`, then `default` can be `"foo"` but cannot be `1`. +* default - The default value represents what would be assumed by the consumer of the input as the value of the schema if one is not provided. Unlike JSON Schema, the value MUST conform to the defined `type` for the Schema Object defined at the same level. For example, if `type` is `"string"`, then `default` can be `"foo"` but cannot be `1`. Alternatively, any time a Schema Object can be used, a [Reference Object](#reference-object) can be used in its place. This allows referencing definitions instead of defining them inline. @@ -2686,8 +2686,8 @@ Other than the JSON Schema subset fields, the following fields MAY be used for f | ----------------------------------------------- | :-----------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | nullable | `boolean` | A `true` value adds `null` to the allowed values in addition to values of the type specified by the `type` keyword, and only if `type` is explicitly defined within the same Schema Object. Other Schema Object constraints retain their defined behavior, and therefore may disallow the use of `null` as a value. A `false` value leaves the specified or default `type` unmodified. The default value is `false`. | | discriminator | [Discriminator Object](#discriminator-object) | Adds support for polymorphism. The discriminator is used to determine which of a set of schemas a payload is expected to satisfy. See [Composition and Inheritance](#composition-and-inheritance-polymorphism) for more details. | -| readOnly | `boolean` | Relevant only for Schema `"properties"` definitions. Declares the property as "read only". This means that it MAY be sent as part of a response but SHOULD NOT be sent as part of the request. If the property is marked as `readOnly` being `true` and is in the `required` list, the `required` will take effect on the response only. A property MUST NOT be marked as both `readOnly` and `writeOnly` being `true`. Default value is `false`. | -| writeOnly | `boolean` | Relevant only for Schema `"properties"` definitions. Declares the property as "write only". Therefore, it MAY be sent as part of a request but SHOULD NOT be sent as part of the response. If the property is marked as `writeOnly` being `true` and is in the `required` list, the `required` will take effect on the request only. A property MUST NOT be marked as both `readOnly` and `writeOnly` being `true`. Default value is `false`. | +| readOnly | `boolean` | Relevant only for Schema Object `properties` definitions. Declares the property as "read only". This means that it MAY be sent as part of a response but SHOULD NOT be sent as part of the request. If the property is marked as `readOnly` being `true` and is in the `required` list, the `required` will take effect on the response only. A property MUST NOT be marked as both `readOnly` and `writeOnly` being `true`. Default value is `false`. | +| writeOnly | `boolean` | Relevant only for Schema Object `properties` definitions. Declares the property as "write only". Therefore, it MAY be sent as part of a request but SHOULD NOT be sent as part of the response. If the property is marked as `writeOnly` being `true` and is in the `required` list, the `required` will take effect on the request only. A property MUST NOT be marked as both `readOnly` and `writeOnly` being `true`. Default value is `false`. | | xml | [XML Object](#xml-object) | This MAY be used only on properties schemas. It has no effect on root schemas. Adds additional metadata to describe the XML representation of this property. | | externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this schema. | | example | Any | A free-form property to include an example of an instance for this schema. To represent examples that cannot be naturally represented in JSON or YAML, a string value can be used to contain the example with escaping where necessary. | @@ -3192,7 +3192,7 @@ See examples for expected behavior. | Field Name | Type | Description | | ------------------------------------ | :-------: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| name | `string` | Replaces the name of the element/attribute used for the described schema property. When defined within `items`, it will affect the name of the individual XML elements within the list. When defined alongside `type` being `array` (outside the `items`), it will affect the wrapping element and only if `wrapped` is `true`. If `wrapped` is `false`, it will be ignored. | +| name | `string` | Replaces the name of the element/attribute used for the described schema property. When defined within `items`, it will affect the name of the individual XML elements within the list. When defined alongside `type` being `array` (outside the `items`), it will affect the wrapping element if and only if `wrapped` is `true`. If `wrapped` is `false`, it will be ignored. | | namespace | `string` | The URI of the namespace definition. Value MUST be in the form of a non-relative URI. | | prefix | `string` | The prefix to be used for the [name](#xml-name). | | attribute | `boolean` | Declares whether the property definition translates to an attribute instead of an element. Default value is `false`. | From 5a27cfdc3339bc63a3a5307b6cd89a85ac00795f Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Mon, 12 Aug 2024 13:35:48 +0200 Subject: [PATCH 191/251] Discriminator Object --- versions/3.0.4.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 7d37d5c1bb..0b2f0b7426 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -3097,9 +3097,9 @@ The expectation now is that a property with name `petType` _MUST_ be present in } ``` -Will indicate that the `Cat` schema is expected to match this payload. +will indicate that the `Cat` schema is expected to match this payload. -In scenarios where the value of the discriminator field does not match the schema name or implicit mapping is not possible, an optional `mapping` definition MAY be used: +In scenarios where the value of the `discriminator` field does not match the schema name or implicit mapping is not possible, an optional `mapping` definition MAY be used: ```yaml MyResponseType: @@ -3166,7 +3166,7 @@ Validated against the `Pet` schema, a payload like this: ```json { "petType": "Cat", - "name": "misty" + "name": "Misty" } ``` From b4926b4242372700c19bf925bf99c4174ae8f740 Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Mon, 12 Aug 2024 13:47:52 +0200 Subject: [PATCH 192/251] XML Object --- versions/3.0.4.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 0b2f0b7426..7dec9a1468 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1085,7 +1085,7 @@ Serializing with `schema` is NOT RECOMMENDED for `in: "cookie"` parameters, `in: | Field Name | Type | Description | | -------------------------------------------------- | :--------------------------------------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | style | `string` | Describes how the parameter value will be serialized depending on the type of the parameter value. Default values (based on value of `in`): for `"query"` - `"form"`; for `"path"` - `"simple"`; for `"header"` - `"simple"`; for `"cookie"` - `"form"`. | -| explode | `boolean` | When this is true, parameter values of type `array` or `object` generate separate parameters for each value of the array or key-value pair of the map. For other types of parameters this property has no effect. When [`style`](#parameter-style) is `form`, the default value is `true`. For all other styles, the default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. | +| explode | `boolean` | When this is true, parameter values of type `array` or `object` generate separate parameters for each value of the array or key-value pair of the map. For other types of parameters this property has no effect. When [`style`](#parameter-style) is `"form"`, the default value is `true`. For all other styles, the default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. | | allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#section-3.2.3), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#section-3.4) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#appendix-c-using-rfc6570-implementations) and [E](#appendix-e-percent-encoding-and-form-media-types) for details. This property only applies to parameters with an `in` value of `query`. The default value is `false`. | | schema | [Schema Object](#schema-object) \| [Reference Object](#reference-object) | The schema defining the type used for the parameter. | | example | Any | Example of the parameter's potential value; see [Working With Examples](#working-with-examples). | @@ -3192,11 +3192,11 @@ See examples for expected behavior. | Field Name | Type | Description | | ------------------------------------ | :-------: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| name | `string` | Replaces the name of the element/attribute used for the described schema property. When defined within `items`, it will affect the name of the individual XML elements within the list. When defined alongside `type` being `array` (outside the `items`), it will affect the wrapping element if and only if `wrapped` is `true`. If `wrapped` is `false`, it will be ignored. | +| name | `string` | Replaces the name of the element/attribute used for the described schema property. When defined within `items`, it will affect the name of the individual XML elements within the list. When defined alongside `type` being `"array"` (outside the `items`), it will affect the wrapping element if and only if `wrapped` is `true`. If `wrapped` is `false`, it will be ignored. | | namespace | `string` | The URI of the namespace definition. Value MUST be in the form of a non-relative URI. | | prefix | `string` | The prefix to be used for the [name](#xml-name). | | attribute | `boolean` | Declares whether the property definition translates to an attribute instead of an element. Default value is `false`. | -| wrapped | `boolean` | MAY be used only for an array definition. Signifies whether the array is wrapped (for example, ``) or unwrapped (``). Default value is `false`. The definition takes effect only when defined alongside `type` being `array` (outside the `items`). | +| wrapped | `boolean` | MAY be used only for an array definition. Signifies whether the array is wrapped (for example, ``) or unwrapped (``). Default value is `false`. The definition takes effect only when defined alongside `type` being `"array"` (outside the `items`). | This object MAY be extended with [Specification Extensions](#specification-extensions). From 43039d0b1f094a283b226e2238b568d6769dc38c Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Mon, 12 Aug 2024 14:20:36 +0200 Subject: [PATCH 193/251] Security --- versions/3.0.4.md | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 7dec9a1468..31de6b5072 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -277,8 +277,8 @@ This object MAY be extended with [Specification Extensions](#specification-exten ```json { - "title": "Sample Pet Store App", - "description": "This is a sample server for a pet store.", + "title": "Example Pet Store App", + "description": "This is an example server for a pet store.", "termsOfService": "https://example.com/terms/", "contact": { "name": "API Support", @@ -294,8 +294,8 @@ This object MAY be extended with [Specification Extensions](#specification-exten ``` ```yaml -title: Sample Pet Store App -description: This is a sample server for a pet store. +title: Example Pet Store App +description: This is an example server for a pet store. termsOfService: https://example.com/terms/ contact: name: API Support @@ -2716,7 +2716,7 @@ The [XML Object](#xml-object) contains additional information about the availabl ##### Schema Object Examples -###### Primitive Sample +###### Primitive Example ```json { @@ -3545,7 +3545,7 @@ animals: Defines a security scheme that can be used by the operations. -Supported schemes are HTTP authentication, an API key (either as a header, a cookie parameter or as a query parameter), OAuth2's common flows (implicit, password, client credentials and authorization code) as defined in [RFC6749](https://tools.ietf.org/html/rfc6749), and [[OpenID-Connect-Core]]. +Supported schemes are HTTP authentication, an API key (either as a header, a cookie parameter, or as a query parameter), OAuth2's common flows (implicit, password, client credentials, and authorization code) as defined in [RFC6749](https://tools.ietf.org/html/rfc6749), and [[OpenID-Connect-Core]]. Please note that as of 2020, the implicit flow is about to be deprecated by [OAuth 2.0 Security Best Current Practice](https://tools.ietf.org/html/draft-ietf-oauth-security-topics). Recommended for most use cases is Authorization Code Grant flow with PKCE. ##### Fixed Fields @@ -3555,7 +3555,7 @@ Please note that as of 2020, the implicit flow is about to be deprecated by [OAu | type | `string` | Any | **REQUIRED**. The type of the security scheme. Valid values are `"apiKey"`, `"http"`, `"oauth2"`, `"openIdConnect"`. | | description | `string` | Any | A description for security scheme. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | name | `string` | `apiKey` | **REQUIRED**. The name of the header, query or cookie parameter to be used. | -| in | `string` | `apiKey` | **REQUIRED**. The location of the API key. Valid values are `"query"`, `"header"` or `"cookie"`. | +| in | `string` | `apiKey` | **REQUIRED**. The location of the API key. Valid values are `"query"`, `"header"`, or `"cookie"`. | | scheme | `string` | `http` | **REQUIRED**. The name of the HTTP Authentication scheme to be used in the [Authorization header as defined in RFC7235](https://tools.ietf.org/html/rfc7235#section-5.1). The values used SHOULD be registered in the [IANA Authentication Scheme registry](https://www.iana.org/assignments/http-authschemes/http-authschemes.xhtml). The value is case-insensitive, as defined in [RFC7235](https://datatracker.ietf.org/doc/html/rfc7235#section-2.1). | | bearerFormat | `string` | `http` (`"bearer"`) | A hint to the client to identify how the bearer token is formatted. Bearer tokens are usually generated by an authorization server, so this information is primarily for documentation purposes. | | flows | [OAuth Flows Object](#oauth-flows-object) | `oauth2` | **REQUIRED**. An object containing configuration information for the flow types supported. | @@ -3563,9 +3563,9 @@ Please note that as of 2020, the implicit flow is about to be deprecated by [OAu This object MAY be extended with [Specification Extensions](#specification-extensions). -##### Security Scheme Object Example +##### Security Scheme Object Examples -###### Basic Authentication Sample +###### Basic Authentication Example ```json { @@ -3579,7 +3579,7 @@ type: http scheme: basic ``` -###### API Key Sample +###### API Key Example ```json { @@ -3595,7 +3595,7 @@ name: api-key in: header ``` -###### JWT Bearer Sample +###### JWT Bearer Example ```json { @@ -3611,7 +3611,7 @@ scheme: bearer bearerFormat: JWT ``` -###### Implicit OAuth2 Sample +###### Implicit OAuth2 Example ```json { @@ -3668,7 +3668,7 @@ Configuration details for a supported OAuth Flow This object MAY be extended with [Specification Extensions](#specification-extensions). -##### OAuth Flow Object Examples +##### OAuth Flow Object Example ```JSON { @@ -3780,7 +3780,7 @@ security: See [Resolving Implicit Connections](#resolving-implicit-connections) for more information. -First, our entry document is where parsing begins. It defines the `MySecurity` security scheme to be JWT-based, and it defines a Path Item as a reference to a component in another document: +First, our [entry document](#openapi-description-structure) is where parsing begins. It defines the `MySecurity` security scheme to be JWT-based, and it defines a Path Item as a reference to a component in another document: ```HTTP GET /api/description/openapi HTTP/1.1 @@ -3876,11 +3876,11 @@ In the `other` document, the referenced path item has a Security Requirement for While the OpenAPI Specification tries to accommodate most use cases, additional data can be added to extend the specification at certain points. -The extensions properties are implemented as patterned fields that are always prefixed by `"x-"`. +The extensions properties are implemented as patterned fields that are always prefixed by `x-`. | Field Pattern | Type | Description | | -------------------------------- | :--: | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| ^x- | Any | Allows extensions to the OpenAPI Schema. The field name MUST begin with `x-`, for example, `x-internal-id`. The value can be any valid JSON value (`null`, a primitive, an array or an object.) | +| ^x- | Any | Allows extensions to the OpenAPI Schema. The field name MUST begin with `x-`, for example, `x-internal-id`. The value can be any valid JSON value (`null`, a primitive, an array, or an object.) | The OpenAPI Initiative maintains several [[OpenAPI-Registry|extension registries]], including registries for [individual extension keywords](https://spec.openapis.org/registry/extension/) and [extension keyword namespaces](https://spec.openapis.org/registry/namespace/). From 9a6fa8e8a816ae915338e46baae5191f3612feab Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Mon, 12 Aug 2024 14:52:20 +0200 Subject: [PATCH 194/251] Appendix C --- versions/3.0.4.md | 50 +++++++++++++++++++++++------------------------ 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 31de6b5072..37696a531a 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -3950,10 +3950,10 @@ Certain properties allow the use of Markdown which can contain HTML including sc Serializing typed data to plain text, which can occur in `text/plain` message bodies or `multipart` parts, as well as in the `application/x-www-form-urlencoded` format in either URL query strings or message bodies, involves significant implementation- or application-defined behavior. -Schema Objects validate data based on the [JSON Schema data model](https://tools.ietf.org/html/draft-wright-json-schema-00#section-4.2), which only recognizes four primitive data types: strings (which are [only broadly interoperable as UTF-8](https://datatracker.ietf.org/doc/html/rfc7159#section-8.1)), numbers, booleans, and `null`. -Notably, integers are not a distinct type from other numbers, with `type: integer` being a convenience defined mathematically, rather than based on the presence or absence of a decimal point in any string representation. +[Schema Objects](#schema-object) validate data based on the [JSON Schema data model](https://tools.ietf.org/html/draft-wright-json-schema-00#section-4.2), which only recognizes four primitive data types: strings (which are [only broadly interoperable as UTF-8](https://datatracker.ietf.org/doc/html/rfc7159#section-8.1)), numbers, booleans, and `null`. +Notably, integers are not a distinct type from other numbers, with `type: "integer"` being a convenience defined mathematically, rather than based on the presence or absence of a decimal point in any string representation. -The [Parameter Object](#parameter-object), [Header Object](#header-object) and [Encoding Object](#encoding-object) offer features to control how to arrange values from array or object types. +The [Parameter Object](#parameter-object), [Header Object](#header-object), and [Encoding Object](#encoding-object) offer features to control how to arrange values from array or object types. They can also be used to control how strings are further encoded to avoid reserved or illegal characters. However, there is no general-purpose specification for converting schema-validated non-UTF-8 primitive data types (or entire arrays or objects) to strings. @@ -3965,7 +3965,7 @@ Two cases do offer standards-based guidance: Implementations of RFC6570 often have their own conventions for converting non-string values, but these are implementation-specific and not defined by the RFC itself. This is one reason for the OpenAPI Specification to leave these conversions as implementation-defined: It allows using RFC6570 implementations regardless of how they choose to perform the conversions. -To control the serialization of numbers, booleans, and `null` (or other values RFC6570 deems to be undefined) more precisely, schemas can be defined as `type: string` and constrained using `pattern`, `enum`, `format`, and other keywords to communicate how applications must pre-convert their data prior to schema validation. +To control the serialization of numbers, booleans, and `null` (or other values RFC6570 deems to be undefined) more precisely, schemas can be defined as `type: "string"` and constrained using `pattern`, `enum`, `format`, and other keywords to communicate how applications must pre-convert their data prior to schema validation. The resulting strings would not require any further type conversion. The `format` keyword can assist in serialization. @@ -3976,7 +3976,7 @@ Requiring input as pre-formatted, schema-validated strings also improves round-t ## Appendix C: Using RFC6570 Implementations -Serialization is defined in terms of RFC6570 URI Templates in two scenarios: +Serialization is defined in terms of [RFC6570](https://www.rfc-editor.org/rfc/rfc6570) URI Templates in two scenarios: | Object | Condition | | ------------------------------------ | ---------------------------------------------------------------------------------------------------------------- | @@ -3985,27 +3985,27 @@ Serialization is defined in terms of RFC6570 URI Templates in two scenarios: Implementations of this specification MAY use an implementation of RFC6570 to perform variable expansion, however, some caveats apply. -Note that when using `style: form` RFC6570 expansion to produce an `application/x-www-form-urlencoded` HTTP message body, it is necessary to remove the `?` prefix that is produced to satisfy the URI query string syntax. +Note that when using `style: "form"` RFC6570 expansion to produce an `application/x-www-form-urlencoded` HTTP message body, it is necessary to remove the `?` prefix that is produced to satisfy the URI query string syntax. Note also that not all RFC6570 implementations support all four levels of operators, all of which are needed to fully support the OpenAPI Specification's usage. Using an implementation with a lower level of support will require additional manual construction of URI Templates to work around the limitations. ### Equivalences Between Fields and RFC6570 Operators -Certain field values translate to RFC6570 operators (or lack thereof): +Certain field values translate to RFC6570 [operators](https://datatracker.ietf.org/doc/html/rfc6570#section-2.2) (or lack thereof): -| field | value | equivalent | -| ------------- | ------- | ------------------- | -| style | simple | _n/a_ | -| style | matrix | `;` prefix operator | -| style | label | `.` prefix operator | -| style | form | `?` prefix operator | -| allowReserved | `false` | _n/a_ | -| allowReserved | `true` | `+` prefix operator | -| explode | `false` | _n/a_ | -| explode | `true` | `*` modifier suffix | +| field | value | equivalent | +| ------------- | ---------- | ------------------- | +| style | `"simple"` | _n/a_ | +| style | `"matrix"` | `;` prefix operator | +| style | `"label"` | `.` prefix operator | +| style | `"form"` | `?` prefix operator | +| allowReserved | `false` | _n/a_ | +| allowReserved | `true` | `+` prefix operator | +| explode | `false` | _n/a_ | +| explode | `true` | `*` modifier suffix | -Multiple `style: form` parameters are equivalent to a single RFC6570 [variable list](https://www.rfc-editor.org/rfc/rfc6570#section-2.2) using the `?` prefix operator: +Multiple `style: "form"` parameters are equivalent to a single RFC6570 [variable list](https://www.rfc-editor.org/rfc/rfc6570#section-2.2) using the `?` prefix operator: ```YAML parameters: @@ -4027,7 +4027,7 @@ Note that RFC6570 does not specify behavior for compound values beyond the singl ### Non-RFC6570 Field Values and Combinations -Configurations with no direct RFC6570 equivalent SHOULD also be handled according to RFC6570. +Configurations with no direct [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570) equivalent SHOULD also be handled according to RFC6570. Implementations MAY create a properly delimited URI Template with variables for individual names and values using RFC6570 regular or reserved expansion (based on `allowReserved`). This includes: @@ -4036,7 +4036,7 @@ This includes: * the combination of the style `form` with `allowReserved: true`, which is not allowed because only one prefix operator can be used at a time * any parameter name that is not a legal RFC6570 variable name -The Parameter Object's `name` field has a much more permissive syntax than [RFC6570 variable name syntax](https://www.rfc-editor.org/rfc/rfc6570#section-2.3). +The Parameter Object's `name` field has a much more permissive syntax than RFC6570 [variable name syntax](https://www.rfc-editor.org/rfc/rfc6570#section-2.3). A parameter name that includes characters outside of the allowed RFC6570 variable character set MUST be percent-encoded before it can be used in a URI Template. ### Examples @@ -4056,7 +4056,7 @@ words: #### RFC6570-Equivalent Expansion -This array of Parameter Objects uses regular `style: "form"` expansion, fully supported by RFC6570: +This array of Parameter Objects uses regular `style: "form"` expansion, fully supported by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570): ```YAML parameters: @@ -4090,7 +4090,7 @@ when expanded with the data given earlier, we get: #### Expansion With Non-RFC6570-Supported Options But now let's say that (for some reason), we really want that `/` in the `b` formula to show up as-is in the query string, and we want our words to be space-separated like in a written phrase. -To do that, we'll add `allowReserved: true` to `formulas`, and change to `style: spaceDelimited` for `words`: +To do that, we'll add `allowReserved: true` to `formulas`, and change to `style: "spaceDelimited"` for `words`: ```YAML parameters: @@ -4111,7 +4111,7 @@ parameters: type: string ``` -We can't combine the `?` and `+` RFC6570 prefixes, and there's no way with RFC6570 to replace the `,` separator with a space character. +We can't combine the `?` and `+` RFC6570 [prefixes](https://datatracker.ietf.org/doc/html/rfc6570#section-2.4.1), and there's no way with RFC6570 to replace the `,` separator with a space character. So we need to restructure the data to fit a manually constructed URI Template that passes all of the pieces through the right sort of expansion. Here is one such template, using a made-up convention of `words.0` for the first entry in the words value, `words.1` for the second, and `words.2` for the third: @@ -4150,7 +4150,7 @@ The `/` and the pre-percent-encoded `%2B` have been left alone, but the disallow #### Undefined Values and Manual URI Template Construction -Care must be taken when manually constructing templates to handle the values that [RFC6570 considers to be _undefined_](https://datatracker.ietf.org/doc/html/rfc6570#section-2.3) correctly: +Care must be taken when manually constructing templates to handle the values that RFC6570 [considers to be _undefined_](https://datatracker.ietf.org/doc/html/rfc6570#section-2.3) correctly: ```YAML formulas: {} @@ -4198,7 +4198,7 @@ parameters: type: string ``` -We can't just pass `❤️: love!` to an RFC6570 implementation. +We can't just pass `❤️: "love!"` to an RFC6570 implementation. Instead, we have to pre-percent-encode the name (which is a six-octet UTF-8 sequence) in both the data and the URI Template: ```YAML From 8f2bb4485c0e5d029ee6fdc561586d6c0f32b5f7 Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Mon, 12 Aug 2024 15:00:37 +0200 Subject: [PATCH 195/251] Appendix D --- versions/3.0.4.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 37696a531a..9ca976dcbe 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -4217,24 +4217,24 @@ This will expand to the result: ## Appendix D: Serializing Headers and Cookies -RFC6570's percent-encoding behavior is not always appropriate for `in: "header"` and `in: "cookie"` parameters. +[RFC6570](https://www.rfc-editor.org/rfc/rfc6570)'s percent-encoding behavior is not always appropriate for `in: "header"` and `in: "cookie"` parameters. In many cases, it is more appropriate to use `content` with a media type such as `text/plain` and require the application to assemble the correct string. -For both cookies ([RFC6265](https://www.rfc-editor.org/rfc/rfc6265)) and HTTP headers using the structured fields ([RFC8941](https://www.rfc-editor.org/rfc/rfc8941)) syntax, non-ASCII content is handled using base64 encoding (`format: "byte"`). -Note that the standard base64 encoding alphabet includes non-URL-safe characters that are percent-encoded by RFC6570 expansion; serializing values through both encodings is NOT RECOMMENDED. +For both [RFC6265](https://www.rfc-editor.org/rfc/rfc6265) cookies and HTTP headers using the [RFC8941](https://www.rfc-editor.org/rfc/rfc8941) structured fields syntax, non-ASCII content is handled using base64 encoding (`format: "byte"`). +Note that the standard base64-encoding alphabet includes non-URL-safe characters that are percent-encoded by RFC6570 expansion; serializing values through both encodings is NOT RECOMMENDED. Most HTTP headers predate the structured field syntax, and a comprehensive assessment of their syntax and encoding rules is well beyond the scope of this specification. -While [RFC8187](https://www.rfc-editor.org/rfc/rfc8187) recommends percent-encoding HTTP field (header or trailer) parameters, these parameters appear after a `;` character. +While [RFC8187](https://www.rfc-editor.org/rfc/rfc8187) recommends percent-encoding HTTP (header or trailer) field parameters, these parameters appear after a `;` character. With `style: "simple"`, that delimiter would itself be percent-encoded, violating the general HTTP field syntax. Using `style: "form"` with `in: "cookie"` is ambiguous for a single value, and incorrect for multiple values. This is true whether the multiple values are the result of using `explode: true` or not. -This style is specified to be equivalent to RFC6570 form expansion which includes the `?` character (see Appendix C for more details), which is not part of the cookie syntax. +This style is specified to be equivalent to RFC6570 form expansion which includes the `?` character (see [Appendix C](#appendix-c-using-rfc6570-implementations) for more details), which is not part of the cookie syntax. However, examples of this style in past versions of this specification have not included the `?` prefix, suggesting that the comparison is not exact. Because implementations that rely on an RFC6570 implementation and those that perform custom serialization based on the style example will produce different results, it is implementation-defined as to which of the two results is correct. -For multiple values, `style: form` is always incorrect as name=value pairs in cookies are delimited by `;` (a semicolon followed by a space character) rather than `&`. +For multiple values, `style: "form"` is always incorrect as name=value pairs in cookies are delimited by `;` (a semicolon followed by a space character) rather than `&`. ## Appendix E: Percent-Encoding and Form Media Types From f1bdced85ca62565e6d62de7ec6d256080151127 Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Mon, 12 Aug 2024 15:50:44 +0200 Subject: [PATCH 196/251] Appendix E --- versions/3.0.4.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 9ca976dcbe..b6bec62da9 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -4276,28 +4276,28 @@ This specification normatively cites the following relevant standards: | Specification | Date | OAS Usage | Percent-Encoding | Notes | | ---------------------------------------------------------------------- | ------- | --------------------------- | ---------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| [[RFC3986]] | 01/2005 | URI/URL syntax | [[RFC3986]] | obsoletes [[RFC1738]], [[RFC2396]] | -| [[RFC6570]] | 03/2012 | style-based serialization | [[RFC3986]] | does not use `+` for form‑urlencoded | +| [RFC3986](https://www.rfc-editor.org/rfc/rfc3986) | 01/2005 | URI/URL syntax | [[RFC3986]] | obsoletes [[RFC1738]], [[RFC2396]] | +| [RFC6570](https://www.rfc-editor.org/rfc/rfc6570) | 03/2012 | style-based serialization | [[RFC3986]] | does not use `+` for form‑urlencoded | | [RFC1866](https://datatracker.ietf.org/doc/html/rfc1866#section-8.2.1) | 11/1995 | content-based serialization | [[RFC1738]] | obsoleted by [[HTML401]] [Section 17.13.4.1](https://www.w3.org/TR/html401/interact/forms.html#h-17.13.4.1), [[URL]] [Section 5](https://url.spec.whatwg.org/#urlencoded-serializing) | Style-based serialization is used in the [Parameter Object](#parameter-object) when `schema` is present, and in the [Encoding Object](#encoding-object) when at least one of `style`, `explode`, or `allowReserved` is present. See [Appendix C](#appendix-c-using-rfc6570-implementations) for more details of RFC6570's two different approaches to percent-encoding, including an example involving `+`. -Content-based serialization is defined by the [Media Type Object](#media-type-object), and used with the [Parameter Object](#parameter-object) when the `content` field is present, and with the [Encoding Object](#encoding-object) based on the `contentType` field when the style fields listed in the previous section are absent. +Content-based serialization is defined by the [Media Type Object](#media-type-object), and used with the [Parameter Object](#parameter-object) when the `content` field is present, and with the [Encoding Object](#encoding-object) based on the `contentType` field when the fields `style`, `explode`, and `allowReserved` are absent. Each part is encoded based on the media type (e.g. `text/plain` or `application/json`), and must then be percent-encoded for use in a `form-urlencoded` string. Note that content-based serialization for `form-data` does not expect or require percent-encoding in the data, only in per-part header values. #### Interoperability with Historical Specifications -In most cases, generating query strings in strict compliance with RFC3986 is sufficient to pass validation (including JSON Schema's `format: uri` and `format: uri-reference`), but some `form-urlencoded` implementations still expect the slightly more restrictive RFC1738 rules to be used. +In most cases, generating query strings in strict compliance with [[RFC3986]] is sufficient to pass validation (including JSON Schema's `format: "uri"` and `format: "uri-reference"`), but some `form-urlencoded` implementations still expect the slightly more restrictive [[RFC1738]] rules to be used. Since all RFC1738-compliant URIs are compliant with RFC3986, applications needing to ensure historical interoperability SHOULD use RFC1738's rules. #### Interoperability with Web Browser Environments WHATWG is a [web browser-oriented](https://whatwg.org/faq#what-is-the-whatwg-working-on) standards group that has defined a "URL Living Standard" for parsing and serializing URLs in a browser context, including parsing and serializing `form-urlencoded` data. -WHATWG's percent-encoding rules for query strings are different depending on whether the query string is [being treated as `form-urlencoded`](https://url.spec.whatwg.org/#application-x-www-form-urlencoded-percent-encode-set) (where it requires more percent-encoding than RFC1738) or [as part of the generic syntax](https://url.spec.whatwg.org/#query-percent-encode-set), where it allows characters that RFC3986 forbids. +WHATWG's percent-encoding rules for query strings are different depending on whether the query string is [being treated as `form-urlencoded`](https://url.spec.whatwg.org/#application-x-www-form-urlencoded-percent-encode-set) (where it requires more percent-encoding than [[RFC1738]]) or [as part of the generic syntax](https://url.spec.whatwg.org/#query-percent-encode-set), where it allows characters that [[RFC3986]] forbids. Implementations needing maximum compatibility with web browsers SHOULD use WHATWG's `form-urlencoded` percent-encoding rules. However, they SHOULD NOT rely on WHATWG's less stringent generic query string rules, as the resulting URLs would fail RFC3986 validation, including JSON Schema's `format: uri` and `format: uri-reference`. @@ -4312,7 +4312,7 @@ However, care must be taken to use `form-urlencoded` decoding if `+` represents ### Percent-Encoding and Illegal or Reserved Delimiters -The `[` and `]`, `|`, and space characters, which are used as delimiters for the `deepObject`, `pipeDelimited`, and `spaceDelimited` styles, respectively, all MUST be percent-encoded to comply with RFC3986. +The `[`, `]`, `|`, and space characters, which are used as delimiters for the `deepObject`, `pipeDelimited`, and `spaceDelimited` styles, respectively, all MUST be percent-encoded to comply with[[RFC3986]]. This requires users to pre-encode the character(s) in some other way in parameter names and values to distinguish them from the delimiter usage when using one of these styles. The space character is always illegal and encoded in some way by all implementations of all versions of the relevant standards. From 8a8d9bbae2cf6018d2030ad95987b19ecc8b964d Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Mon, 12 Aug 2024 16:23:08 +0200 Subject: [PATCH 197/251] Field instead of attribute --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index b6bec62da9..6a3a03e94c 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1419,7 +1419,7 @@ See [Working With Examples](#working-with-examples) for further guidance regardi | schema | [Schema Object](#schema-object) \| [Reference Object](#reference-object) | The schema defining the content of the request, response, parameter, or header. | | example | Any | Example of the media type; see [Working With Examples](#working-with-examples). | | examples | Map[ `string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | Examples of the media type; see [Working With Examples](#working-with-examples). | -| encoding | Map[`string`, [Encoding Object](#encoding-object)] | A map between a property name and its encoding information. The key, being the property name, MUST exist in the schema as a property. The encoding attribute SHALL only apply to [Request Body Objects](#request-body-object), and only when the media type is `multipart` or `application/x-www-form-urlencoded`. If no Encoding Object is provided for a property, the behavior is determined by the default values documented for the Encoding Object. | +| encoding | Map[`string`, [Encoding Object](#encoding-object)] | A map between a property name and its encoding information. The key, being the property name, MUST exist in the schema as a property. The `encoding` field SHALL only apply to [Request Body Objects](#request-body-object), and only when the media type is `multipart` or `application/x-www-form-urlencoded`. If no Encoding Object is provided for a property, the behavior is determined by the default values documented for the Encoding Object. | This object MAY be extended with [Specification Extensions](#specification-extensions). From e284595ab683cfaccab1b1b057e274fc3b0309b2 Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Tue, 13 Aug 2024 08:36:43 +0200 Subject: [PATCH 198/251] Henry's proposal on nullable --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 6a3a03e94c..1fbb207b7e 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -2684,7 +2684,7 @@ Other than the JSON Schema subset fields, the following fields MAY be used for f | Field Name | Type | Description | | ----------------------------------------------- | :-----------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| nullable | `boolean` | A `true` value adds `null` to the allowed values in addition to values of the type specified by the `type` keyword, and only if `type` is explicitly defined within the same Schema Object. Other Schema Object constraints retain their defined behavior, and therefore may disallow the use of `null` as a value. A `false` value leaves the specified or default `type` unmodified. The default value is `false`. | +| nullable | `boolean` | This keyword only takes effect if `type` is explicitly defined within the same Schema Object. A `true` value indicates that both `null` values and values of the type specified by `type` are allowed. Other Schema Object constraints retain their defined behavior, and therefore may disallow the use of `null` as a value. A `false` value leaves the specified or default `type` unmodified. The default value is `false`. | | discriminator | [Discriminator Object](#discriminator-object) | Adds support for polymorphism. The discriminator is used to determine which of a set of schemas a payload is expected to satisfy. See [Composition and Inheritance](#composition-and-inheritance-polymorphism) for more details. | | readOnly | `boolean` | Relevant only for Schema Object `properties` definitions. Declares the property as "read only". This means that it MAY be sent as part of a response but SHOULD NOT be sent as part of the request. If the property is marked as `readOnly` being `true` and is in the `required` list, the `required` will take effect on the response only. A property MUST NOT be marked as both `readOnly` and `writeOnly` being `true`. Default value is `false`. | | writeOnly | `boolean` | Relevant only for Schema Object `properties` definitions. Declares the property as "write only". Therefore, it MAY be sent as part of a request but SHOULD NOT be sent as part of the response. If the property is marked as `writeOnly` being `true` and is in the `required` list, the `required` will take effect on the request only. A property MUST NOT be marked as both `readOnly` and `writeOnly` being `true`. Default value is `false`. | From ba7276521093988cd4db06d039d1103a9af05a93 Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Thu, 15 Aug 2024 09:59:10 +0200 Subject: [PATCH 199/251] Replace "property" with "field" or "keyword" --- versions/3.0.4.md | 70 +++++++++++++++++++++++------------------------ 1 file changed, 35 insertions(+), 35 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 1fbb207b7e..951b89382c 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -152,7 +152,7 @@ This is unambiguous because only the entry document's Paths Object contributes U It is RECOMMENDED to consider all Operation Objects from all parsed documents when resolving any Link Object `operationId`. This requires parsing all referenced documents prior to determining an `operationId` to be unresolvable. -The implicit connections in the Security Requirement Object and Discriminator Object rely on the _component name_, which is the property name holding the component in the appropriately typed sub-object of the Components Object. +The implicit connections in the Security Requirement Object and Discriminator Object rely on the _component name_, which is the name of the property holding the component in the appropriately typed sub-object of the Components Object. For example, the component name of the Schema Object at `#/components/schemas/Foo` is `Foo`. The implicit connection of `tags` in the Operation Object uses the `name` field of Tag Objects, which (like the Components Object) are found under the root OpenAPI Object. This means resolving component names and tag names both depend on starting from the correct OpenAPI Object. @@ -177,13 +177,13 @@ Note that `integer` as a type is also supported and is defined as a JSON number `null` is not supported as a type (see [`nullable`](#schema-nullable) for an alternative solution). Models are defined using the [Schema Object](#schema-object), which is an extended subset of JSON Schema Specification Wright Draft 00. -Data types can have an optional modifier property: `format`. +Data types can have an optional modifier keyword: `format`. OAS uses several known formats to define in fine detail the data type being used. -However, to support documentation needs, the `format` property is an open `string`-valued property, and can have any value. +However, to support documentation needs, the `format` keyword is open `string`-valued and can have any value. Formats such as `"email"`, `"uuid"`, and so on, MAY be used even though they are not defined by this specification. The OpenAPI Initiative also hosts a [Format Registry](https://spec.openapis.org/registry/format/) for formats defined by OAS users and other specifications. Support for any registered format is strictly OPTIONAL, and support for one registered format does not imply support for any others. -Types that are not accompanied by a `format` property follow the type definition in the JSON Schema. Tools that do not recognize a specific `format` MAY default back to the `type` alone, as if the `format` is not specified. +Types that are not accompanied by a `format` keyword follow the type definition in the JSON Schema. Tools that do not recognize a specific `format` MAY default back to the `type` alone, as if the `format` is not specified. The formats defined by the OAS are: @@ -220,7 +220,7 @@ OpenAPI Description authors SHOULD consider how text using such extensions will ### Relative References in URLs -Unless specified otherwise, all properties that are URLs MAY be relative references as defined by [RFC3986](https://tools.ietf.org/html/rfc3986#section-4.2). +Unless specified otherwise, all fields that are URLs MAY be relative references as defined by [RFC3986](https://tools.ietf.org/html/rfc3986#section-4.2). Relative references are resolved using the URLs defined in the [Server Object](#server-object) as a Base URI. Relative references used in `$ref` are processed as per [JSON Reference](https://tools.ietf.org/html/draft-pbryan-zyp-json-ref-03), using the URL of the current document as the base URI. See also the [Reference Object](#reference-object). @@ -246,7 +246,7 @@ This is the root object of the [OpenAPI document](#openapi-description). | ------------------------------------------ | :-----------------------------------------------------------: | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | openapi | `string` | **REQUIRED**. This string MUST be the [version number](#versions) of the OpenAPI Specification that the OpenAPI document uses. The `openapi` field SHOULD be used by tooling to interpret the OpenAPI document. This is _not_ related to the API [`info.version`](#info-version) string. | | info | [Info Object](#info-object) | **REQUIRED**. Provides metadata about the API. The metadata MAY be used by tooling as required. | -| servers | [[Server Object](#server-object)] | An array of Server Objects, which provide connectivity information to a target server. If the `servers` property is not provided, or is an empty array, the default value would be a [Server Object](#server-object) with a [url](#server-url) value of `/`. | +| servers | [[Server Object](#server-object)] | An array of Server Objects, which provide connectivity information to a target server. If the `servers` field is not provided, or is an empty array, the default value would be a [Server Object](#server-object) with a [url](#server-url) value of `/`. | | paths | [Paths Object](#paths-object) | **REQUIRED**. The available paths and operations for the API. | | components | [Components Object](#components-object) | An element to hold various schemas for the document. | | security | [[Security Requirement Object](#security-requirement-object)] | A declaration of which security mechanisms can be used across the API. The list of values includes alternative Security Requirement Objects that can be used. Only one of the Security Requirement Objects need to be satisfied to authorize a request. Individual operations can override this definition. To make security optional, an empty security requirement (`{}`) can be included in the array. | @@ -487,7 +487,7 @@ This object MAY be extended with [Specification Extensions](#specification-exten #### Components Object Holds a set of reusable objects for different aspects of the OAS. -All objects defined within the Components Object will have no effect on the API unless they are explicitly referenced from properties outside the Components Object. +All objects defined within the Components Object will have no effect on the API unless they are explicitly referenced from outside the Components Object. ##### Fixed Fields @@ -1063,12 +1063,12 @@ These fields MAY be used with either `content` or `schema`. | Field Name | Type | Description | | ------------------------------------------------------- | :-------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| name | `string` | **REQUIRED**. The name of the parameter. Parameter names are _case sensitive_.
  • If [`in`](#parameter-in) is `"path"`, the `name` field MUST correspond to a template expression occurring within the [path](#paths-path) field in the [Paths Object](#paths-object). See [Path Templating](#path-templating) for further information.
  • If [`in`](#parameter-in) is `"header"` and the `name` field is `"Accept"`, `"Content-Type"` or `"Authorization"`, the parameter definition SHALL be ignored.
  • For all other cases, the `name` corresponds to the parameter name used by the [`in`](#parameter-in) property.
| +| name | `string` | **REQUIRED**. The name of the parameter. Parameter names are _case sensitive_.
  • If [`in`](#parameter-in) is `"path"`, the `name` field MUST correspond to a template expression occurring within the [path](#paths-path) field in the [Paths Object](#paths-object). See [Path Templating](#path-templating) for further information.
  • If [`in`](#parameter-in) is `"header"` and the `name` field is `"Accept"`, `"Content-Type"` or `"Authorization"`, the parameter definition SHALL be ignored.
  • For all other cases, the `name` corresponds to the parameter name used by the [`in`](#parameter-in) field.
| | in | `string` | **REQUIRED**. The location of the parameter. Possible values are `"query"`, `"header"`, `"path"` or `"cookie"`. | | description | `string` | A brief description of the parameter. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| required | `boolean` | Determines whether this parameter is mandatory. If the [parameter location](#parameter-in) is `"path"`, this property is **REQUIRED** and its value MUST be `true`. Otherwise, the property MAY be included and its default value is `false`. | +| required | `boolean` | Determines whether this parameter is mandatory. If the [parameter location](#parameter-in) is `"path"`, this field is **REQUIRED** and its value MUST be `true`. Otherwise, the field MAY be included and its default value is `false`. | | deprecated | `boolean` | Specifies that a parameter is deprecated and SHOULD be transitioned out of usage. Default value is `false`. | -| allowEmptyValue | `boolean` | If `true`, clients MAY pass a zero-length string value in place of parameters that would otherwise be omitted entirely, which the server SHOULD interpret as the parameter being unused. Default value is `false`. If [`style`](#parameter-style) is used, and if [behavior is _n/a_ (cannot be serialized)](#style-examples), the value of `allowEmptyValue` SHALL be ignored. Interactions between this field and the parameter's [Schema Object](#schema-object) are implementation-defined. This field is valid only for `query` parameters. Use of this property is NOT RECOMMENDED, and it is likely to be removed in a later revision. | +| allowEmptyValue | `boolean` | If `true`, clients MAY pass a zero-length string value in place of parameters that would otherwise be omitted entirely, which the server SHOULD interpret as the parameter being unused. Default value is `false`. If [`style`](#parameter-style) is used, and if [behavior is _n/a_ (cannot be serialized)](#style-examples), the value of `allowEmptyValue` SHALL be ignored. Interactions between this field and the parameter's [Schema Object](#schema-object) are implementation-defined. This field is valid only for `query` parameters. Use of this field is NOT RECOMMENDED, and it is likely to be removed in a later revision. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -1085,8 +1085,8 @@ Serializing with `schema` is NOT RECOMMENDED for `in: "cookie"` parameters, `in: | Field Name | Type | Description | | -------------------------------------------------- | :--------------------------------------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | style | `string` | Describes how the parameter value will be serialized depending on the type of the parameter value. Default values (based on value of `in`): for `"query"` - `"form"`; for `"path"` - `"simple"`; for `"header"` - `"simple"`; for `"cookie"` - `"form"`. | -| explode | `boolean` | When this is true, parameter values of type `array` or `object` generate separate parameters for each value of the array or key-value pair of the map. For other types of parameters this property has no effect. When [`style`](#parameter-style) is `"form"`, the default value is `true`. For all other styles, the default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. | -| allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#section-3.2.3), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#section-3.4) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#appendix-c-using-rfc6570-implementations) and [E](#appendix-e-percent-encoding-and-form-media-types) for details. This property only applies to parameters with an `in` value of `query`. The default value is `false`. | +| explode | `boolean` | When this is true, parameter values of type `array` or `object` generate separate parameters for each value of the array or key-value pair of the map. For other types of parameters this field has no effect. When [`style`](#parameter-style) is `"form"`, the default value is `true`. For all other styles, the default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. | +| allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#section-3.2.3), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#section-3.4) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#appendix-c-using-rfc6570-implementations) and [E](#appendix-e-percent-encoding-and-form-media-types) for details. This field only applies to parameters with an `in` value of `query`. The default value is `false`. | | schema | [Schema Object](#schema-object) \| [Reference Object](#reference-object) | The schema defining the type used for the parameter. | | example | Any | Example of the parameter's potential value; see [Working With Examples](#working-with-examples). | | examples | Map[ `string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | Examples of the parameter's potential value; see [Working With Examples](#working-with-examples). | @@ -1095,7 +1095,7 @@ See also [Appendix C: Using RFC6570 Implementations](#appendix-c-using-rfc6570-i ###### Fixed Fields for use with `content` -For more complex scenarios, the [`content`](#parameter-content) property can define the media type and schema of the parameter, as well as give examples of its use. +For more complex scenarios, the [`content`](#parameter-content) field can define the media type and schema of the parameter, as well as give examples of its use. Using `content` with a `text/plain` media type is RECOMMENDED for `in: "header"` and `in: "cookie"` parameters where the `schema` strategy is not appropriate. | Field Name | Type | Description | @@ -1556,13 +1556,13 @@ These fields MAY be used either with or without the RFC6570-style serialization | Field Name | Type | Description | | --------------------------------------------- | :-----------------------------------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | contentType | `string` | The `Content-Type` for encoding a specific property. The value is a comma-separated list, each element of which is either a specific media type (e.g. `image/png`) or a wildcard media type (e.g. `image/*`). Default value depends on the property type as shown in the table below. | -| headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | A map allowing additional information to be provided as headers. `Content-Type` is described separately and SHALL be ignored in this section. This property SHALL be ignored if the request body media type is not a `multipart`. | +| headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | A map allowing additional information to be provided as headers. `Content-Type` is described separately and SHALL be ignored in this section. This field SHALL be ignored if the request body media type is not a `multipart`. | This object MAY be extended with [Specification Extensions](#specification-extensions). The default values for `contentType` are as follows, where an _n/a_ in the `format` column means that the presence or value of `format` is irrelevant: -| Property `type` | Property `format` | Default `contentType` | +| `type` | `format` | Default `contentType` | | --------------------------------- | ---------------------------------------- | ---------------------------------------------------------- | | `string` | `binary` _or_ `byte` | `application/octet-stream` | | `string` | _none, or any except `binary` or `byte`_ | `text/plain` | @@ -1578,9 +1578,9 @@ See [Appendix B](#appendix-b-data-type-conversion) for a discussion of data type | Field Name | Type | Description | | ------------------------------------------------- | :-------: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| style | `string` | Describes how a specific property value will be serialized depending on its type. See [Parameter Object](#parameter-object) for details on the [`style`](#parameter-style) property. The behavior follows the same values as `query` parameters, including default values. Note that the initial `?` used in query strings is not used in `application/x-www-form-urlencoded` message bodies, and MUST be removed (if using an RFC6570 implementation) or simply not added (if constructing the string manually). This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. | -| explode | `boolean` | When this is `true`, property values of type `array` or `object` generate separate parameters for each value of the array, or key-value-pair of the map. For other types of properties this property has no effect. When [`style`](#encoding-style) is `"form"`, the default value is `true`. For all other styles, the default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. | -| allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#section-3.2.3), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#section-3.4) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#appendix-c-using-rfc6570-implementations) and [E](#appendix-e-percent-encoding-and-form-media-types) for details. The default value is `false`. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. | +| style | `string` | Describes how a specific property value will be serialized depending on its type. See [Parameter Object](#parameter-object) for details on the [`style`](#parameter-style) field. The behavior follows the same values as `query` parameters, including default values. Note that the initial `?` used in query strings is not used in `application/x-www-form-urlencoded` message bodies, and MUST be removed (if using an RFC6570 implementation) or simply not added (if constructing the string manually). This field SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. | +| explode | `boolean` | When this is `true`, property values of type `array` or `object` generate separate parameters for each value of the array, or key-value-pair of the map. For other types of properties this field has no effect. When [`style`](#encoding-style) is `"form"`, the default value is `true`. For all other styles, the default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. This field SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. | +| allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#section-3.2.3), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#section-3.4) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#appendix-c-using-rfc6570-implementations) and [E](#appendix-e-percent-encoding-and-form-media-types) for details. The default value is `false`. This field SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. | See also [Appendix C: Using RFC6570 Implementations](#appendix-c-using-rfc6570-implementations) for additional guidance. @@ -2107,7 +2107,7 @@ transactionCallback: #### Example Object An object grouping an internal or external example value with basic `summary` and `description` metadata. -This object is typically used in properties named `examples` (plural), and is a [referenceable](#reference-object) alternative to older `example` (singular) fields that do not support referencing or metadata. +This object is typically used in fields named `examples` (plural), and is a [referenceable](#reference-object) alternative to older `example` (singular) fields that do not support referencing or metadata. Examples allow demonstration of the usage of properties, parameters and objects within OpenAPI. @@ -2487,7 +2487,7 @@ The `example` and `examples` fields are mutually exclusive, and if either is pre | Field Name | Type | Description | | ------------------------------------- | :--------------------------------------------------------------------------------------: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | style | `string` | Describes how the header value will be serialized. The default (and only legal value for headers) is `"simple"`. | -| explode | `boolean` | When this is true, header values of type `array` or `object` generate a single header whose value is a comma-separated list of the array items or key-value pairs of the map, see [Style Examples](#style-examples). For other data types this property has no effect. The default value is `false`. | +| explode | `boolean` | When this is true, header values of type `array` or `object` generate a single header whose value is a comma-separated list of the array items or key-value pairs of the map, see [Style Examples](#style-examples). For other data types this field has no effect. The default value is `false`. | | schema | [Schema Object](#schema-object) \| [Reference Object](#reference-object) | The schema defining the type used for the header. | | example | Any | Example of the header's potential value; see [Working With Examples](#working-with-examples). | | examples | Map[ `string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | Examples of the header's potential value; see [Working With Examples](#working-with-examples). | @@ -2496,7 +2496,7 @@ See also [Appendix C: Using RFC6570 Implementations](#appendix-c-using-rfc6570-i ###### Fixed Fields for use with `content` -For more complex scenarios, the [`content`](#header-content) property can define the media type and schema of the header, as well as give examples of its use. +For more complex scenarios, the [`content`](#header-content) field can define the media type and schema of the header, as well as give examples of its use. Using `content` with a `text/plain` media type is RECOMMENDED for headers where the `schema` strategy is not appropriate. | Field Name | Type | Description | @@ -2592,7 +2592,7 @@ For this specification, reference resolution is accomplished as defined by the J | ------------------------------- | :------: | ----------------------------------- | | $ref | `string` | **REQUIRED**. The reference string. | -This object cannot be extended with additional properties and any properties added SHALL be ignored. +This object cannot be extended with additional properties, and any properties added SHALL be ignored. ##### Reference Object Example @@ -2636,12 +2636,12 @@ The Schema Object allows the definition of input and output data types. These types can be objects, but also primitives and arrays. This object is an extended subset of the [JSON Schema Specification Wright Draft 00](https://json-schema.org/). -For more information about the properties, see [JSON Schema Core](https://tools.ietf.org/html/draft-wright-json-schema-00) and [JSON Schema Validation](https://tools.ietf.org/html/draft-wright-json-schema-validation-00). -Unless stated otherwise, the property definitions follow those of JSON Schema and do not add any additional semantics. +For more information about the keywords, see [JSON Schema Core](https://tools.ietf.org/html/draft-wright-json-schema-00) and [JSON Schema Validation](https://tools.ietf.org/html/draft-wright-json-schema-validation-00). +Unless stated otherwise, the keyword definitions follow those of JSON Schema and do not add any additional semantics. -##### Properties +##### JSON Schema Keywords -The following properties are taken directly from the JSON Schema definition and follow the same specifications: +The following keywords are taken directly from the JSON Schema definition and follow the same specifications: * title * multipleOf @@ -2660,7 +2660,7 @@ The following properties are taken directly from the JSON Schema definition and * required * enum -The following properties are taken from the JSON Schema definition but their definitions were adjusted to the OpenAPI Specification. +The following keywords are taken from the JSON Schema definition but their definitions were adjusted to the OpenAPI Specification. * type - Value MUST be a string. Multiple types via an array are not supported. * allOf - Inline or referenced schema MUST be of a [Schema Object](#schema-object) and not a standard JSON Schema. @@ -2676,7 +2676,7 @@ The following properties are taken from the JSON Schema definition but their def Alternatively, any time a Schema Object can be used, a [Reference Object](#reference-object) can be used in its place. This allows referencing definitions instead of defining them inline. -Additional properties defined by the JSON Schema specification that are not mentioned here are strictly unsupported. +Additional keywords defined by the JSON Schema specification that are not mentioned here are strictly unsupported. Other than the JSON Schema subset fields, the following fields MAY be used for further schema documentation: @@ -2688,16 +2688,16 @@ Other than the JSON Schema subset fields, the following fields MAY be used for f | discriminator | [Discriminator Object](#discriminator-object) | Adds support for polymorphism. The discriminator is used to determine which of a set of schemas a payload is expected to satisfy. See [Composition and Inheritance](#composition-and-inheritance-polymorphism) for more details. | | readOnly | `boolean` | Relevant only for Schema Object `properties` definitions. Declares the property as "read only". This means that it MAY be sent as part of a response but SHOULD NOT be sent as part of the request. If the property is marked as `readOnly` being `true` and is in the `required` list, the `required` will take effect on the response only. A property MUST NOT be marked as both `readOnly` and `writeOnly` being `true`. Default value is `false`. | | writeOnly | `boolean` | Relevant only for Schema Object `properties` definitions. Declares the property as "write only". Therefore, it MAY be sent as part of a request but SHOULD NOT be sent as part of the response. If the property is marked as `writeOnly` being `true` and is in the `required` list, the `required` will take effect on the request only. A property MUST NOT be marked as both `readOnly` and `writeOnly` being `true`. Default value is `false`. | -| xml | [XML Object](#xml-object) | This MAY be used only on properties schemas. It has no effect on root schemas. Adds additional metadata to describe the XML representation of this property. | +| xml | [XML Object](#xml-object) | This MAY be used only on property schemas. It has no effect on root schemas. Adds additional metadata to describe the XML representation of this property. | | externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this schema. | -| example | Any | A free-form property to include an example of an instance for this schema. To represent examples that cannot be naturally represented in JSON or YAML, a string value can be used to contain the example with escaping where necessary. | +| example | Any | A free-form field to include an example of an instance for this schema. To represent examples that cannot be naturally represented in JSON or YAML, a string value can be used to contain the example with escaping where necessary. | | deprecated | `boolean` | Specifies that a schema is deprecated and SHOULD be transitioned out of usage. Default value is `false`. | This object MAY be extended with [Specification Extensions](#specification-extensions). ###### Composition and Inheritance (Polymorphism) -The OpenAPI Specification allows combining and extending model definitions using the `allOf` property of JSON Schema, in effect offering model composition. +The OpenAPI Specification allows combining and extending model definitions using the `allOf` keyword of JSON Schema, in effect offering model composition. `allOf` takes an array of object definitions that are validated _independently_ but together compose a single object. While composition offers model extensibility, it does not imply a hierarchy between the models. @@ -2711,7 +2711,7 @@ There are two ways to define the value of a discriminator for an inheriting inst ###### XML Modeling -The [xml](#schema-xml) property allows extra definitions when translating the JSON definition to XML. +The [xml](#schema-xml) field allows extra definitions when translating the JSON definition to XML. The [XML Object](#xml-object) contains additional information about the available options. ##### Schema Object Examples @@ -3185,7 +3185,7 @@ will map to `#/components/schemas/Dog` because the `dog` entry in the `mapping` A metadata object that allows for more fine-tuned XML model definitions. -When using arrays, XML element names are _not_ inferred (for singular/plural forms) and the `name` property SHOULD be used to add that information. +When using arrays, XML element names are _not_ inferred (for singular/plural forms) and the `name` field SHOULD be used to add that information. See examples for expected behavior. ##### Fixed Fields @@ -3364,7 +3364,7 @@ animals: value ``` -The external `name` property has no effect on the XML: +The external `name` field has no effect on the XML: ```json { @@ -3926,7 +3926,7 @@ OpenAPI description documents may contain references to external resources that ### Markdown and HTML Sanitization -Certain properties allow the use of Markdown which can contain HTML including script. It is the responsibility of tooling to appropriately sanitize the Markdown. +Certain fields allow the use of Markdown which can contain HTML including script. It is the responsibility of tooling to appropriately sanitize the Markdown. ## Appendix A: Revision History From bcfe55b6cb8091a5460438cf1e3a55fe42225aaa Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Thu, 15 Aug 2024 22:39:47 +0200 Subject: [PATCH 200/251] Update 3.0.4.md --- versions/3.0.4.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 951b89382c..db4c784cfe 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1579,7 +1579,7 @@ See [Appendix B](#appendix-b-data-type-conversion) for a discussion of data type | Field Name | Type | Description | | ------------------------------------------------- | :-------: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | style | `string` | Describes how a specific property value will be serialized depending on its type. See [Parameter Object](#parameter-object) for details on the [`style`](#parameter-style) field. The behavior follows the same values as `query` parameters, including default values. Note that the initial `?` used in query strings is not used in `application/x-www-form-urlencoded` message bodies, and MUST be removed (if using an RFC6570 implementation) or simply not added (if constructing the string manually). This field SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. | -| explode | `boolean` | When this is `true`, property values of type `array` or `object` generate separate parameters for each value of the array, or key-value-pair of the map. For other types of properties this field has no effect. When [`style`](#encoding-style) is `"form"`, the default value is `true`. For all other styles, the default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. This field SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. | +| explode | `boolean` | When this is true, property values of type `array` or `object` generate separate parameters for each value of the array, or key-value-pair of the map. For other types of properties this field has no effect. When [`style`](#encoding-style) is `"form"`, the default value is `true`. For all other styles, the default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. This field SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. | | allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#section-3.2.3), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#section-3.4) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#appendix-c-using-rfc6570-implementations) and [E](#appendix-e-percent-encoding-and-form-media-types) for details. The default value is `false`. This field SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. | See also [Appendix C: Using RFC6570 Implementations](#appendix-c-using-rfc6570-implementations) for additional guidance. @@ -2443,7 +2443,7 @@ The table below provides examples of runtime expressions and examples of their u | Requested media type | `$request.header.accept` | | | Request parameter | `$request.path.id` | Request parameters MUST be declared in the `parameters` section of the parent operation or they cannot be evaluated. This includes request headers. | | Request body property | `$request.body#/user/uuid` | In operations which accept payloads, references may be made to portions of the `requestBody` or the entire body. | -| Request URL | `$url` || +| Request URL | `$url` | | | Response value | `$response.body#/status` | In operations which return payloads, references may be made to portions of the response body or the entire body. | | Response header | `$response.header.Server` | Single header values only are available | @@ -4324,4 +4324,3 @@ Code that relies on leaving these delimiters unencoded, while using regular perc For maximum interoperability, it is RECOMMENDED to either define and document an additional escape convention while percent-encoding the delimiters for these styles, or to avoid these styles entirely. The exact method of additional encoding/escaping is left to the API designer, and is expected to be performed before serialization and encoding described in this specification, and reversed after this specification's encoding and serialization steps are reversed. This keeps it outside of the processes governed by this specification. - From 90f052a0344b2d86f6220cb05cf4d32a595945e2 Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Fri, 16 Aug 2024 14:33:39 +0200 Subject: [PATCH 201/251] Update 3.0.4.md --- versions/3.0.4.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index db4c784cfe..f7d2a571f0 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -189,8 +189,8 @@ The formats defined by the OAS are: | [`type`](#data-types) | [`format`](#data-type-format) | Comments | | -------------------- | --------------------------- | ----------------------------------------------------------------------------------------- | -| `integer` | `int32` | signed 32 bits | -| `integer` | `int64` | signed 64 bits (a.k.a long) | +| `number ` | `int32` | signed 32 bits | +| `number` | `int64` | signed 64 bits (a.k.a long) | | `number` | `float` | | | `number` | `double` | | | `string` | `byte` | base64 encoded characters - [RFC4648](https://www.rfc-editor.org/rfc/rfc4648#section-4) | From 2a3605d46fc6b905fbd9e336b7bd84867aad6a57 Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Mon, 19 Aug 2024 09:40:19 +0200 Subject: [PATCH 202/251] Revert integer change --- versions/3.0.4.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index f7d2a571f0..7b7c40de2b 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -189,8 +189,8 @@ The formats defined by the OAS are: | [`type`](#data-types) | [`format`](#data-type-format) | Comments | | -------------------- | --------------------------- | ----------------------------------------------------------------------------------------- | -| `number ` | `int32` | signed 32 bits | -| `number` | `int64` | signed 64 bits (a.k.a long) | +| `integer ` | `int32` | signed 32 bits | +| `integer` | `int64` | signed 64 bits (a.k.a long) | | `number` | `float` | | | `number` | `double` | | | `string` | `byte` | base64 encoded characters - [RFC4648](https://www.rfc-editor.org/rfc/rfc4648#section-4) | From 70fa392f192473134f0f78168e69b857934d6dcd Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Mon, 19 Aug 2024 10:25:35 +0200 Subject: [PATCH 203/251] Update 3.0.4.md --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 7b7c40de2b..db4c784cfe 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -189,7 +189,7 @@ The formats defined by the OAS are: | [`type`](#data-types) | [`format`](#data-type-format) | Comments | | -------------------- | --------------------------- | ----------------------------------------------------------------------------------------- | -| `integer ` | `int32` | signed 32 bits | +| `integer` | `int32` | signed 32 bits | | `integer` | `int64` | signed 64 bits (a.k.a long) | | `number` | `float` | | | `number` | `double` | | From 70d385128d6ebfd3c59d648a00e69d7f41623e23 Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Mon, 19 Aug 2024 15:11:00 +0200 Subject: [PATCH 204/251] Lint 3.0.4.md --- .github/workflows/validate-markdown.yaml | 2 ++ versions/.markdownlint.yaml | 16 ++++++++++++++++ 2 files changed, 18 insertions(+) create mode 100644 versions/.markdownlint.yaml diff --git a/.github/workflows/validate-markdown.yaml b/.github/workflows/validate-markdown.yaml index 43050e4870..aa6170447c 100644 --- a/.github/workflows/validate-markdown.yaml +++ b/.github/workflows/validate-markdown.yaml @@ -29,4 +29,6 @@ jobs: node-version: '20.x' - name: Validate markdown run: npx --yes mdv versions/3.*.md + - name: Lint markdown v3.0.4 + run: npx --yes markdownlint-cli --config versions/.markdownlint.yaml versions/3.0.4.md diff --git a/versions/.markdownlint.yaml b/versions/.markdownlint.yaml new file mode 100644 index 0000000000..c8955c967a --- /dev/null +++ b/versions/.markdownlint.yaml @@ -0,0 +1,16 @@ + # Unordered list symbol + MD004: + style: asterisk + + # Unordered list indentation + MD007: + indent: 2 + + MD012: false # allow blank lines + + MD013: + line_length: 800 + tables: false + + MD024: false # duplicate headings + MD033: false # inline HTML From 34e98831bb46d1264653831ac082662c60dc9f31 Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Tue, 20 Aug 2024 13:11:55 +0200 Subject: [PATCH 205/251] Update versions/.markdownlint.yaml Co-authored-by: Mike Kistler --- versions/.markdownlint.yaml | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/versions/.markdownlint.yaml b/versions/.markdownlint.yaml index c8955c967a..7c39652d0d 100644 --- a/versions/.markdownlint.yaml +++ b/versions/.markdownlint.yaml @@ -1,16 +1,16 @@ - # Unordered list symbol - MD004: - style: asterisk +# Unordered list symbol +MD004: + style: asterisk - # Unordered list indentation - MD007: - indent: 2 +# Unordered list indentation +MD007: + indent: 2 - MD012: false # allow blank lines +MD012: false # allow blank lines - MD013: - line_length: 800 - tables: false +MD013: + line_length: 800 + tables: false - MD024: false # duplicate headings - MD033: false # inline HTML +MD024: false # duplicate headings +MD033: false # inline HTML From 244b3e2a9d94078750c760c978f3510fab1cd154 Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Tue, 20 Aug 2024 13:13:46 +0200 Subject: [PATCH 206/251] Update .markdownlint.yaml --- versions/.markdownlint.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/versions/.markdownlint.yaml b/versions/.markdownlint.yaml index 7c39652d0d..b21f293e91 100644 --- a/versions/.markdownlint.yaml +++ b/versions/.markdownlint.yaml @@ -1,16 +1,16 @@ # Unordered list symbol MD004: - style: asterisk + style: asterisk # Unordered list indentation MD007: - indent: 2 + indent: 2 MD012: false # allow blank lines MD013: - line_length: 800 - tables: false + line_length: 800 + tables: false MD024: false # duplicate headings MD033: false # inline HTML From 230aefbab8f6f91a17ef15d98b0b51ca794887ab Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Tue, 20 Aug 2024 14:43:15 +0200 Subject: [PATCH 207/251] Example link to learn site --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 951b89382c..e7f462cbe0 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -2019,7 +2019,7 @@ The key value used to identify the Path Item Object is an expression, evaluated | Field Pattern | Type | Description | | --------------------------------------------- | :---------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------- | -| {expression} | [Path Item Object](#path-item-object) | A Path Item Object used to define a callback request and expected responses. A [complete example](../examples/v3.0/callback-example.yaml) is available. | +| {expression} | [Path Item Object](#path-item-object) | A Path Item Object used to define a callback request and expected responses. A [complete example](https://learn.openapis.org/examples/v3.0/callback-example.html) is available. | This object MAY be extended with [Specification Extensions](#specification-extensions). From a248f6efd0128850ab818115721064d2606959e9 Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Thu, 22 Aug 2024 13:20:56 +0200 Subject: [PATCH 208/251] Cleanup --- .github/workflows/validate-markdown.yaml | 4 ++-- versions/.markdownlint.yaml | 16 ---------------- 2 files changed, 2 insertions(+), 18 deletions(-) delete mode 100644 versions/.markdownlint.yaml diff --git a/.github/workflows/validate-markdown.yaml b/.github/workflows/validate-markdown.yaml index aa6170447c..e75fac5e0d 100644 --- a/.github/workflows/validate-markdown.yaml +++ b/.github/workflows/validate-markdown.yaml @@ -23,12 +23,12 @@ jobs: fetch-depth: 0 - name: use the javascript environment from main run: | - git checkout remotes/origin/main -- package.json package-lock.json + git checkout remotes/origin/main -- package.json package-lock.json .markdownlint.yaml - uses: actions/setup-node@v4 # setup Node.js with: node-version: '20.x' - name: Validate markdown run: npx --yes mdv versions/3.*.md - name: Lint markdown v3.0.4 - run: npx --yes markdownlint-cli --config versions/.markdownlint.yaml versions/3.0.4.md + run: npx --yes markdownlint-cli --config .markdownlint.yaml versions/3.0.4.md diff --git a/versions/.markdownlint.yaml b/versions/.markdownlint.yaml deleted file mode 100644 index b21f293e91..0000000000 --- a/versions/.markdownlint.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# Unordered list symbol -MD004: - style: asterisk - -# Unordered list indentation -MD007: - indent: 2 - -MD012: false # allow blank lines - -MD013: - line_length: 800 - tables: false - -MD024: false # duplicate headings -MD033: false # inline HTML From efab6565c63eb843dd2e13840dfc755573b1fb22 Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Thu, 22 Aug 2024 13:33:08 +0200 Subject: [PATCH 209/251] format-markdown script --- package.json | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/package.json b/package.json index 4a08fdf38c..7e427cdee4 100644 --- a/package.json +++ b/package.json @@ -25,5 +25,8 @@ "Swagger", "schema", "API" - ] + ], + "scripts": { + "format-markdown": "npx prettier --write --single-quote versions/3.0.4.md && npx --yes markdownlint-cli --fix --config .markdownlint.yaml versions/3.0.4.md" + } } From d9e5f2d86dbbd48184f2142ed0798b4130559641 Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Thu, 22 Aug 2024 15:18:21 +0200 Subject: [PATCH 210/251] Add .markdownlint.yaml and run script --- .markdownlint.yaml | 16 ++ versions/3.0.4.md | 457 ++++++++++++++++++++++----------------------- 2 files changed, 244 insertions(+), 229 deletions(-) create mode 100644 .markdownlint.yaml diff --git a/.markdownlint.yaml b/.markdownlint.yaml new file mode 100644 index 0000000000..7c39652d0d --- /dev/null +++ b/.markdownlint.yaml @@ -0,0 +1,16 @@ +# Unordered list symbol +MD004: + style: asterisk + +# Unordered list indentation +MD007: + indent: 2 + +MD012: false # allow blank lines + +MD013: + line_length: 800 + tables: false + +MD024: false # duplicate headings +MD033: false # inline HTML diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 951b89382c..cd597c67ba 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -139,12 +139,12 @@ Several features of this specification require resolution of non-URI-based conne These connections are unambiguously resolved in single-document OADs, but the resolution process in multi-document OADs is _implementation-defined_, within the constraints described in this section. In some cases, an unambiguous URI-based alternative is available, and OAD authors are RECOMMENDED to always use the alternative: -| Source | Target | Alternative | -| -------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | --------------------------------- | -| [Security Requirement Object](#security-requirement-object) `{name}` | [Security Scheme Object](#security-scheme-object) name under the [Components Object](#components-object) | _n/a_ | -| [Discriminator Object](#discriminator-object) `mapping` _(implicit, or explicit name syntax)_ | [Schema Object](#schema-object) name under the Components Object | `mapping` _(explicit URI syntax)_ | -| [Operation Object](#operation-object) `tags` | [Tag Object](#tag-object) `name` (in the [OpenAPI Object](#openapi-object)'s `tags` array) | _n/a_ | -| [Link Object](#link-object) `operationId` | [Path Item Object](#path-item-object) `operationId` | `operationRef` | +| Source | Target | Alternative | +| --------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------- | --------------------------------- | +| [Security Requirement Object](#security-requirement-object) `{name}` | [Security Scheme Object](#security-scheme-object) name under the [Components Object](#components-object) | _n/a_ | +| [Discriminator Object](#discriminator-object) `mapping` _(implicit, or explicit name syntax)_ | [Schema Object](#schema-object) name under the Components Object | `mapping` _(explicit URI syntax)_ | +| [Operation Object](#operation-object) `tags` | [Tag Object](#tag-object) `name` (in the [OpenAPI Object](#openapi-object)'s `tags` array) | _n/a_ | +| [Link Object](#link-object) `operationId` | [Path Item Object](#path-item-object) `operationId` | `operationRef` | A fifth implicit connection involves appending the templated URL paths of the [Paths Object](#paths-object) to the appropriate [Server Object](#server-object)'s `url` field. This is unambiguous because only the entry document's Paths Object contributes URLs to the described API. @@ -188,16 +188,16 @@ Types that are not accompanied by a `format` keyword follow the type definition The formats defined by the OAS are: | [`type`](#data-types) | [`format`](#data-type-format) | Comments | -| -------------------- | --------------------------- | ----------------------------------------------------------------------------------------- | -| `integer` | `int32` | signed 32 bits | -| `integer` | `int64` | signed 64 bits (a.k.a long) | -| `number` | `float` | | -| `number` | `double` | | -| `string` | `byte` | base64 encoded characters - [RFC4648](https://www.rfc-editor.org/rfc/rfc4648#section-4) | -| `string` | `binary` | any sequence of octets | -| `string` | `date` | As defined by `full-date` - [RFC3339](https://www.rfc-editor.org/rfc/rfc3339#section-5.6) | -| `string` | `date-time` | As defined by `date-time` - [RFC3339](https://www.rfc-editor.org/rfc/rfc3339#section-5.6) | -| `string` | `password` | A hint to obscure the value. | +| --------------------- | ----------------------------- | ----------------------------------------------------------------------------------------- | +| `integer` | `int32` | signed 32 bits | +| `integer` | `int64` | signed 64 bits (a.k.a long) | +| `number` | `float` | | +| `number` | `double` | | +| `string` | `byte` | base64 encoded characters - [RFC4648](https://www.rfc-editor.org/rfc/rfc4648#section-4) | +| `string` | `binary` | any sequence of octets | +| `string` | `date` | As defined by `full-date` - [RFC3339](https://www.rfc-editor.org/rfc/rfc3339#section-5.6) | +| `string` | `date-time` | As defined by `date-time` - [RFC3339](https://www.rfc-editor.org/rfc/rfc3339#section-5.6) | +| `string` | `password` | A hint to obscure the value. | #### Working With Binary Data @@ -242,15 +242,15 @@ This is the root object of the [OpenAPI document](#openapi-description). ##### Fixed Fields -| Field Name | Type | Description | -| ------------------------------------------ | :-----------------------------------------------------------: | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| openapi | `string` | **REQUIRED**. This string MUST be the [version number](#versions) of the OpenAPI Specification that the OpenAPI document uses. The `openapi` field SHOULD be used by tooling to interpret the OpenAPI document. This is _not_ related to the API [`info.version`](#info-version) string. | -| info | [Info Object](#info-object) | **REQUIRED**. Provides metadata about the API. The metadata MAY be used by tooling as required. | -| servers | [[Server Object](#server-object)] | An array of Server Objects, which provide connectivity information to a target server. If the `servers` field is not provided, or is an empty array, the default value would be a [Server Object](#server-object) with a [url](#server-url) value of `/`. | -| paths | [Paths Object](#paths-object) | **REQUIRED**. The available paths and operations for the API. | -| components | [Components Object](#components-object) | An element to hold various schemas for the document. | -| security | [[Security Requirement Object](#security-requirement-object)] | A declaration of which security mechanisms can be used across the API. The list of values includes alternative Security Requirement Objects that can be used. Only one of the Security Requirement Objects need to be satisfied to authorize a request. Individual operations can override this definition. To make security optional, an empty security requirement (`{}`) can be included in the array. | -| tags | [[Tag Object](#tag-object)] | A list of tags used by the document with additional metadata. The order of the tags can be used to reflect on their order by the parsing tools. Not all tags that are used by the [Operation Object](#operation-object) must be declared. The tags that are not declared MAY be organized randomly or based on the tools' logic. Each tag name in the list MUST be unique. | +| Field Name | Type | Description | +| -------------------------------------------- | :-------------------------------------------------------------: | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| openapi | `string` | **REQUIRED**. This string MUST be the [version number](#versions) of the OpenAPI Specification that the OpenAPI document uses. The `openapi` field SHOULD be used by tooling to interpret the OpenAPI document. This is _not_ related to the API [`info.version`](#info-version) string. | +| info | [Info Object](#info-object) | **REQUIRED**. Provides metadata about the API. The metadata MAY be used by tooling as required. | +| servers | [[Server Object](#server-object)] | An array of Server Objects, which provide connectivity information to a target server. If the `servers` field is not provided, or is an empty array, the default value would be a [Server Object](#server-object) with a [url](#server-url) value of `/`. | +| paths | [Paths Object](#paths-object) | **REQUIRED**. The available paths and operations for the API. | +| components | [Components Object](#components-object) | An element to hold various schemas for the document. | +| security | [[Security Requirement Object](#security-requirement-object)] | A declaration of which security mechanisms can be used across the API. The list of values includes alternative Security Requirement Objects that can be used. Only one of the Security Requirement Objects need to be satisfied to authorize a request. Individual operations can override this definition. To make security optional, an empty security requirement (`{}`) can be included in the array. | +| tags | [[Tag Object](#tag-object)] | A list of tags used by the document with additional metadata. The order of the tags can be used to reflect on their order by the parsing tools. Not all tags that are used by the [Operation Object](#operation-object) must be declared. The tags that are not declared MAY be organized randomly or based on the tools' logic. Each tag name in the list MUST be unique. | | externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -262,14 +262,14 @@ The metadata MAY be used by the clients if needed, and MAY be presented in editi ##### Fixed Fields -| Field Name | Type | Description | -| ----------------------------------------------- | :------------------------------: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| title | `string` | **REQUIRED**. The title of the API. | -| description | `string` | A description of the API. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| termsOfService | `string` | A URL for the Terms of Service for the API. This MUST be in the form of a URL. | -| contact | [Contact Object](#contact-object) | The contact information for the exposed API. | -| license | [License Object](#license-object) | The license information for the exposed API. | -| version | `string` | **REQUIRED**. The version of the OpenAPI document (which is distinct from the [OpenAPI Specification version](#oas-version) or the version of the API being described). | +| Field Name | Type | Description | +| -------------------------------------------------- | :-------------------------------: | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| title | `string` | **REQUIRED**. The title of the API. | +| description | `string` | A description of the API. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| termsOfService | `string` | A URL for the Terms of Service for the API. This MUST be in the form of a URL. | +| contact | [Contact Object](#contact-object) | The contact information for the exposed API. | +| license | [License Object](#license-object) | The license information for the exposed API. | +| version | `string` | **REQUIRED**. The version of the OpenAPI document (which is distinct from the [OpenAPI Specification version](#oas-version) or the version of the API being described). | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -313,8 +313,8 @@ Contact information for the exposed API. ##### Fixed Fields -| Field Name | Type | Description | -| -------------------------------- | :------: | --------------------------------------------------------------------------------------------------- | +| Field Name | Type | Description | +| --------------------------------- | :------: | --------------------------------------------------------------------------------------------------- | | name | `string` | The identifying name of the contact person/organization. | | url | `string` | The URL for the contact information. This MUST be in the form of a URL. | | email | `string` | The email address of the contact person/organization. This MUST be in the form of an email address. | @@ -343,8 +343,8 @@ License information for the exposed API. ##### Fixed Fields -| Field Name | Type | Description | -| ------------------------------ | :------: | -------------------------------------------------------------------------- | +| Field Name | Type | Description | +| ------------------------------- | :------: | -------------------------------------------------------------------------- | | name | `string` | **REQUIRED**. The license name used for the API. | | url | `string` | A URL for the license used for the API. This MUST be in the form of a URL. | @@ -370,11 +370,11 @@ An object representing a Server. ##### Fixed Fields -| Field Name | Type | Description | -| ------------------------------------------- | :------------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| url | `string` | **REQUIRED**. A URL to the target host. This URL supports Server Variables and MAY be relative, to indicate that the host location is relative to the location where the OpenAPI document is being served. Variable substitutions will be made when a variable is named in `{`braces`}`. | -| description | `string` | An optional string describing the host designated by the URL. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| variables | Map[`string`, [Server Variable Object](#server-variable-object)] | A map between a variable name and its value. The value is used for substitution in the server's URL template. | +| Field Name | Type | Description | +| -------------------------------------------- | :--------------------------------------------------------------: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| url | `string` | **REQUIRED**. A URL to the target host. This URL supports Server Variables and MAY be relative, to indicate that the host location is relative to the location where the OpenAPI document is being served. Variable substitutions will be made when a variable is named in `{`braces`}`. | +| description | `string` | An optional string describing the host designated by the URL. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| variables | Map[`string`, [Server Variable Object](#server-variable-object)] | A map between a variable name and its value. The value is used for substitution in the server's URL template. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -476,11 +476,11 @@ An object representing a Server Variable for server URL template substitution. ##### Fixed Fields -| Field Name | Type | Description | -| --------------------------------------------------- | :--------: | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| enum | [`string`] | An enumeration of string values to be used if the substitution options are from a limited set. The array SHOULD NOT be empty. | +| Field Name | Type | Description | +| ----------------------------------------------------- | :--------: | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| enum | [`string`] | An enumeration of string values to be used if the substitution options are from a limited set. The array SHOULD NOT be empty. | | default | `string` | **REQUIRED**. The default value to use for substitution, which SHALL be sent if an alternate value is _not_ supplied. Note this behavior is different than the [Schema Object's](#schema-object) treatment of default values, because in those cases parameter values are optional. If the [`enum`](#server-variable-enum) is defined, the value SHOULD exist in the enum's values. | -| description | `string` | An optional description for the server variable. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| description | `string` | An optional description for the server variable. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -491,17 +491,17 @@ All objects defined within the Components Object will have no effect on the API ##### Fixed Fields -| Field Name | Type | Description | -| -------------------------------------------------------- | :----------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------- | -| schemas | Map[`string`, [Schema Object](#schema-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Schema Objects](#schema-object). | -| responses | Map[`string`, [Response Object](#response-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Response Objects](#response-object). | -| parameters | Map[`string`, [Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Parameter Objects](#parameter-object). | -| examples | Map[`string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Example Objects](#example-object). | -| requestBodies | Map[`string`, [Request Body Object](#request-body-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Request Body Objects](#request-body-object). | -| headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Header Objects](#header-object). | -| securitySchemes | Map[`string`, [Security Scheme Object](#security-scheme-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Security Scheme Objects](#security-scheme-object). | -| links | Map[`string`, [Link Object](#link-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Link Objects](#link-object). | -| callbacks | Map[`string`, [Callback Object](#callback-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Callback Objects](#callback-object). | +| Field Name | Type | Description | +| ------------------------------------------------------ | :-------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------ | +| schemas | Map[`string`, [Schema Object](#schema-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Schema Objects](#schema-object). | +| responses | Map[`string`, [Response Object](#response-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Response Objects](#response-object). | +| parameters | Map[`string`, [Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Parameter Objects](#parameter-object). | +| examples | Map[`string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Example Objects](#example-object). | +| requestBodies | Map[`string`, [Request Body Object](#request-body-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Request Body Objects](#request-body-object). | +| headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Header Objects](#header-object). | +| securitySchemes | Map[`string`, [Security Scheme Object](#security-scheme-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Security Scheme Objects](#security-scheme-object). | +| links | Map[`string`, [Link Object](#link-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Link Objects](#link-object). | +| callbacks | Map[`string`, [Callback Object](#callback-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Callback Objects](#callback-object). | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -698,8 +698,8 @@ The path is appended to the URL from the [Server Object](#server-object) in orde ##### Patterned Fields -| Field Pattern | Type | Description | -| ------------------------------- | :---------------------------------: | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Field Pattern | Type | Description | +| -------------------------------- | :-----------------------------------: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | /{path} | [Path Item Object](#path-item-object) | A relative path to an individual endpoint. The field name MUST begin with a forward slash (`/`). The path is **appended** (no relative URL resolution) to the expanded URL from the [Server Object](#server-object)'s `url` field in order to construct the full URL. [Path templating](#path-templating) is allowed. When matching URLs, concrete (non-templated) paths would be matched before their templated counterparts. Templated paths with the same hierarchy but different templated names MUST NOT exist as they are identical. In case of ambiguous matching, it's up to the tooling to decide which one to use. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -777,20 +777,20 @@ The path itself is still exposed to the documentation viewer but they will not k ##### Fixed Fields -| Field Name | Type | Description | -| --------------------------------------------- | :----------------------------------------------------------------------------: | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| $ref | `string` | Allows for a referenced definition of this path item. The value MUST be in the form of a URL, and the referenced structure MUST be in the form of a [Path Item Object](#path-item-object). In case a Path Item Object field appears both in the defined object and the referenced object, the behavior is undefined. See the rules for resolving [Relative References](#relative-references-in-urls). | -| summary | `string` | An optional string summary, intended to apply to all operations in this path. | -| description | `string` | An optional string description, intended to apply to all operations in this path. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| get | [Operation Object](#operation-object) | A definition of a GET operation on this path. | -| put | [Operation Object](#operation-object) | A definition of a PUT operation on this path. | -| post | [Operation Object](#operation-object) | A definition of a POST operation on this path. | -| delete | [Operation Object](#operation-object) | A definition of a DELETE operation on this path. | -| options | [Operation Object](#operation-object) | A definition of a OPTIONS operation on this path. | -| head | [Operation Object](#operation-object) | A definition of a HEAD operation on this path. | -| patch | [Operation Object](#operation-object) | A definition of a PATCH operation on this path. | -| trace | [Operation Object](#operation-object) | A definition of a TRACE operation on this path. | -| servers | [[Server Object](#server-object)] | An alternative `servers` array to service all operations in this path. If a `servers` array is specified at the [OpenAPI Object](#oas-servers) level, it will be overridden by this value. | +| Field Name | Type | Description | +| ----------------------------------------------- | :------------------------------------------------------------------------------: | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| $ref | `string` | Allows for a referenced definition of this path item. The value MUST be in the form of a URL, and the referenced structure MUST be in the form of a [Path Item Object](#path-item-object). In case a Path Item Object field appears both in the defined object and the referenced object, the behavior is undefined. See the rules for resolving [Relative References](#relative-references-in-urls). | +| summary | `string` | An optional string summary, intended to apply to all operations in this path. | +| description | `string` | An optional string description, intended to apply to all operations in this path. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| get | [Operation Object](#operation-object) | A definition of a GET operation on this path. | +| put | [Operation Object](#operation-object) | A definition of a PUT operation on this path. | +| post | [Operation Object](#operation-object) | A definition of a POST operation on this path. | +| delete | [Operation Object](#operation-object) | A definition of a DELETE operation on this path. | +| options | [Operation Object](#operation-object) | A definition of a OPTIONS operation on this path. | +| head | [Operation Object](#operation-object) | A definition of a HEAD operation on this path. | +| patch | [Operation Object](#operation-object) | A definition of a PATCH operation on this path. | +| trace | [Operation Object](#operation-object) | A definition of a TRACE operation on this path. | +| servers | [[Server Object](#server-object)] | An alternative `servers` array to service all operations in this path. If a `servers` array is specified at the [OpenAPI Object](#oas-servers) level, it will be overridden by this value. | | parameters | [[Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | A list of parameters that are applicable for all the operations described under this path. These parameters can be overridden at the operation level, but cannot be removed there. The list MUST NOT include duplicated parameters. A unique parameter is defined by a combination of a [name](#parameter-name) and [location](#parameter-in). The list can use the [Reference Object](#reference-object) to link to parameters that are defined in the [OpenAPI Object's `components.parameters`](#components-parameters). | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -885,20 +885,20 @@ Describes a single API operation on a path. ##### Fixed Fields -| Field Name | Type | Description | -| ------------------------------------------------ | :---------------------------------------------------------------------------------------: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| tags | [`string`] | A list of tags for API documentation control. Tags can be used for logical grouping of operations by resources or any other qualifier. | -| summary | `string` | A short summary of what the operation does. | -| description | `string` | A verbose explanation of the operation behavior. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this operation. | -| operationId | `string` | Unique string used to identify the operation. The id MUST be unique among all operations described in the API. The operationId value is **case-sensitive**. Tools and libraries MAY use the operationId to uniquely identify an operation, therefore, it is RECOMMENDED to follow common programming naming conventions. | -| parameters | [[Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | A list of parameters that are applicable for this operation. If a parameter is already defined in the [Path Item](#path-item-parameters), the new definition will override it but can never remove it. The list MUST NOT include duplicated parameters. A unique parameter is defined by a combination of a [name](#parameter-name) and [location](#parameter-in). The list can use the [Reference Object](#reference-object) to link to parameters that are defined in the [OpenAPI Object's `components.parameters`](#components-parameters). | -| requestBody | [Request Body Object](#request-body-object) \| [Reference Object](#reference-object) | The request body applicable for this operation. The `requestBody` is only supported in HTTP methods where the HTTP 1.1 specification [RFC7231](https://tools.ietf.org/html/rfc7231#section-4.3.1) has explicitly defined semantics for request bodies. In other cases where the HTTP spec is vague (such as [GET](https://tools.ietf.org/html/rfc7231#section-4.3.1), [HEAD](https://tools.ietf.org/html/rfc7231#section-4.3.2) and [DELETE](https://tools.ietf.org/html/rfc7231#section-4.3.5)), `requestBody` SHALL be ignored by consumers. | -| responses | [Responses Object](#responses-object) | **REQUIRED**. The list of possible responses as they are returned from executing this operation. | -| callbacks | Map[`string`, [Callback Object](#callback-object) \| [Reference Object](#reference-object)] | A map of possible out-of band callbacks related to the parent operation. The key is a unique identifier for the Callback Object. Each value in the map is a [Callback Object](#callback-object) that describes a request that may be initiated by the API provider and the expected responses. | -| deprecated | `boolean` | Declares this operation to be deprecated. Consumers SHOULD refrain from usage of the declared operation. Default value is `false`. | -| security | [[Security Requirement Object](#security-requirement-object)] | A declaration of which security mechanisms can be used for this operation. The list of values includes alternative Security Requirement Objects that can be used. Only one of the Security Requirement Objects need to be satisfied to authorize a request. To make security optional, an empty security requirement (`{}`) can be included in the array. This definition overrides any declared top-level [`security`](#oas-security). To remove a top-level security declaration, an empty array can be used. | -| servers | [[Server Object](#server-object)] | An alternative `servers` array to service this operation. If a `servers` array is specified at the [Path Item Object](#path-item-servers) or [OpenAPI Object](#oas-servers) level, it will be overridden by this value. | +| Field Name | Type | Description | +| -------------------------------------------------- | :-----------------------------------------------------------------------------------------: | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| tags | [`string`] | A list of tags for API documentation control. Tags can be used for logical grouping of operations by resources or any other qualifier. | +| summary | `string` | A short summary of what the operation does. | +| description | `string` | A verbose explanation of the operation behavior. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this operation. | +| operationId | `string` | Unique string used to identify the operation. The id MUST be unique among all operations described in the API. The operationId value is **case-sensitive**. Tools and libraries MAY use the operationId to uniquely identify an operation, therefore, it is RECOMMENDED to follow common programming naming conventions. | +| parameters | [[Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | A list of parameters that are applicable for this operation. If a parameter is already defined in the [Path Item](#path-item-parameters), the new definition will override it but can never remove it. The list MUST NOT include duplicated parameters. A unique parameter is defined by a combination of a [name](#parameter-name) and [location](#parameter-in). The list can use the [Reference Object](#reference-object) to link to parameters that are defined in the [OpenAPI Object's `components.parameters`](#components-parameters). | +| requestBody | [Request Body Object](#request-body-object) \| [Reference Object](#reference-object) | The request body applicable for this operation. The `requestBody` is only supported in HTTP methods where the HTTP 1.1 specification [RFC7231](https://tools.ietf.org/html/rfc7231#section-4.3.1) has explicitly defined semantics for request bodies. In other cases where the HTTP spec is vague (such as [GET](https://tools.ietf.org/html/rfc7231#section-4.3.1), [HEAD](https://tools.ietf.org/html/rfc7231#section-4.3.2) and [DELETE](https://tools.ietf.org/html/rfc7231#section-4.3.5)), `requestBody` SHALL be ignored by consumers. | +| responses | [Responses Object](#responses-object) | **REQUIRED**. The list of possible responses as they are returned from executing this operation. | +| callbacks | Map[`string`, [Callback Object](#callback-object) \| [Reference Object](#reference-object)] | A map of possible out-of band callbacks related to the parent operation. The key is a unique identifier for the Callback Object. Each value in the map is a [Callback Object](#callback-object) that describes a request that may be initiated by the API provider and the expected responses. | +| deprecated | `boolean` | Declares this operation to be deprecated. Consumers SHOULD refrain from usage of the declared operation. Default value is `false`. | +| security | [[Security Requirement Object](#security-requirement-object)] | A declaration of which security mechanisms can be used for this operation. The list of values includes alternative Security Requirement Objects that can be used. Only one of the Security Requirement Objects need to be satisfied to authorize a request. To make security optional, an empty security requirement (`{}`) can be included in the array. This definition overrides any declared top-level [`security`](#oas-security). To remove a top-level security declaration, an empty array can be used. | +| servers | [[Server Object](#server-object)] | An alternative `servers` array to service this operation. If a `servers` array is specified at the [Path Item Object](#path-item-servers) or [OpenAPI Object](#oas-servers) level, it will be overridden by this value. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -1013,8 +1013,8 @@ Allows referencing an external resource for extended documentation. ##### Fixed Fields -| Field Name | Type | Description | -| ------------------------------------------------ | :------: | -------------------------------------------------------------------------------------------------------------------------------------- | +| Field Name | Type | Description | +| -------------------------------------------------- | :------: | -------------------------------------------------------------------------------------------------------------------------------------- | | description | `string` | A description of the target documentation. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | url | `string` | **REQUIRED**. The URL for the target documentation. This MUST be in the form of a URL. | @@ -1061,13 +1061,13 @@ See [Appendix B](#appendix-b-data-type-conversion) for a discussion of convertin These fields MAY be used with either `content` or `schema`. -| Field Name | Type | Description | -| ------------------------------------------------------- | :-------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| name | `string` | **REQUIRED**. The name of the parameter. Parameter names are _case sensitive_.
  • If [`in`](#parameter-in) is `"path"`, the `name` field MUST correspond to a template expression occurring within the [path](#paths-path) field in the [Paths Object](#paths-object). See [Path Templating](#path-templating) for further information.
  • If [`in`](#parameter-in) is `"header"` and the `name` field is `"Accept"`, `"Content-Type"` or `"Authorization"`, the parameter definition SHALL be ignored.
  • For all other cases, the `name` corresponds to the parameter name used by the [`in`](#parameter-in) field.
| -| in | `string` | **REQUIRED**. The location of the parameter. Possible values are `"query"`, `"header"`, `"path"` or `"cookie"`. | -| description | `string` | A brief description of the parameter. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| required | `boolean` | Determines whether this parameter is mandatory. If the [parameter location](#parameter-in) is `"path"`, this field is **REQUIRED** and its value MUST be `true`. Otherwise, the field MAY be included and its default value is `false`. | -| deprecated | `boolean` | Specifies that a parameter is deprecated and SHOULD be transitioned out of usage. Default value is `false`. | +| Field Name | Type | Description | +| ---------------------------------------------------------- | :-------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| name | `string` | **REQUIRED**. The name of the parameter. Parameter names are _case sensitive_.
  • If [`in`](#parameter-in) is `"path"`, the `name` field MUST correspond to a template expression occurring within the [path](#paths-path) field in the [Paths Object](#paths-object). See [Path Templating](#path-templating) for further information.
  • If [`in`](#parameter-in) is `"header"` and the `name` field is `"Accept"`, `"Content-Type"` or `"Authorization"`, the parameter definition SHALL be ignored.
  • For all other cases, the `name` corresponds to the parameter name used by the [`in`](#parameter-in) field.
| +| in | `string` | **REQUIRED**. The location of the parameter. Possible values are `"query"`, `"header"`, `"path"` or `"cookie"`. | +| description | `string` | A brief description of the parameter. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| required | `boolean` | Determines whether this parameter is mandatory. If the [parameter location](#parameter-in) is `"path"`, this field is **REQUIRED** and its value MUST be `true`. Otherwise, the field MAY be included and its default value is `false`. | +| deprecated | `boolean` | Specifies that a parameter is deprecated and SHOULD be transitioned out of usage. Default value is `false`. | | allowEmptyValue | `boolean` | If `true`, clients MAY pass a zero-length string value in place of parameters that would otherwise be omitted entirely, which the server SHOULD interpret as the parameter being unused. Default value is `false`. If [`style`](#parameter-style) is used, and if [behavior is _n/a_ (cannot be serialized)](#style-examples), the value of `allowEmptyValue` SHALL be ignored. Interactions between this field and the parameter's [Schema Object](#schema-object) are implementation-defined. This field is valid only for `query` parameters. Use of this field is NOT RECOMMENDED, and it is likely to be removed in a later revision. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -1082,14 +1082,14 @@ The `example` and `examples` fields are mutually exclusive, and if either is pre Serializing with `schema` is NOT RECOMMENDED for `in: "cookie"` parameters, `in: "header"` parameters that use HTTP header parameters (name=value pairs following a `;`) in their values, or `in: "header"` parameters where values might have non-URL-safe characters; see [Appendix D](#appendix-d-serializing-headers-and-cookies) for details. -| Field Name | Type | Description | -| -------------------------------------------------- | :--------------------------------------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| style | `string` | Describes how the parameter value will be serialized depending on the type of the parameter value. Default values (based on value of `in`): for `"query"` - `"form"`; for `"path"` - `"simple"`; for `"header"` - `"simple"`; for `"cookie"` - `"form"`. | -| explode | `boolean` | When this is true, parameter values of type `array` or `object` generate separate parameters for each value of the array or key-value pair of the map. For other types of parameters this field has no effect. When [`style`](#parameter-style) is `"form"`, the default value is `true`. For all other styles, the default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. | -| allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#section-3.2.3), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#section-3.4) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#appendix-c-using-rfc6570-implementations) and [E](#appendix-e-percent-encoding-and-form-media-types) for details. This field only applies to parameters with an `in` value of `query`. The default value is `false`. | -| schema | [Schema Object](#schema-object) \| [Reference Object](#reference-object) | The schema defining the type used for the parameter. | -| example | Any | Example of the parameter's potential value; see [Working With Examples](#working-with-examples). | -| examples | Map[ `string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | Examples of the parameter's potential value; see [Working With Examples](#working-with-examples). | +| Field Name | Type | Description | +| ---------------------------------------------------- | :----------------------------------------------------------------------------------------: | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| style | `string` | Describes how the parameter value will be serialized depending on the type of the parameter value. Default values (based on value of `in`): for `"query"` - `"form"`; for `"path"` - `"simple"`; for `"header"` - `"simple"`; for `"cookie"` - `"form"`. | +| explode | `boolean` | When this is true, parameter values of type `array` or `object` generate separate parameters for each value of the array or key-value pair of the map. For other types of parameters this field has no effect. When [`style`](#parameter-style) is `"form"`, the default value is `true`. For all other styles, the default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. | +| allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#section-3.2.3), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#section-3.4) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#appendix-c-using-rfc6570-implementations) and [E](#appendix-e-percent-encoding-and-form-media-types) for details. This field only applies to parameters with an `in` value of `query`. The default value is `false`. | +| schema | [Schema Object](#schema-object) \| [Reference Object](#reference-object) | The schema defining the type used for the parameter. | +| example | Any | Example of the parameter's potential value; see [Working With Examples](#working-with-examples). | +| examples | Map[ `string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | Examples of the parameter's potential value; see [Working With Examples](#working-with-examples). | See also [Appendix C: Using RFC6570 Implementations](#appendix-c-using-rfc6570-implementations) for additional guidance. @@ -1098,15 +1098,15 @@ See also [Appendix C: Using RFC6570 Implementations](#appendix-c-using-rfc6570-i For more complex scenarios, the [`content`](#parameter-content) field can define the media type and schema of the parameter, as well as give examples of its use. Using `content` with a `text/plain` media type is RECOMMENDED for `in: "header"` and `in: "cookie"` parameters where the `schema` strategy is not appropriate. -| Field Name | Type | Description | -| -------------------------------------- | :--------------------------------------------------: | -------------------------------------------------------------------------------------------------------------------------------------------------- | +| Field Name | Type | Description | +| --------------------------------------- | :----------------------------------------------------: | -------------------------------------------------------------------------------------------------------------------------------------------------- | | content | Map[`string`, [Media Type Object](#media-type-object)] | A map containing the representations for the parameter. The key is the media type and the value describes it. The map MUST only contain one entry. | ##### Style Values In order to support common ways of serializing simple parameters, a set of `style` values are defined. -| `style` | [`type`](#data-types) | `in` | Comments | +| `style` | [`type`](#data-types) | `in` | Comments | | -------------- | ------------------------------ | ----------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | matrix | `primitive`, `array`, `object` | `path` | Path-style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.7) | | label | `primitive`, `array`, `object` | `path` | Label style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.5) | @@ -1137,22 +1137,22 @@ The following table shows examples, as would be shown with the `example` or `exa * Note that the `?` prefix is not appropriate for serializing `application/x-www-form-urlencoded` HTTP message bodies, and MUST be stripped or (if constructing the string manually) not added when used in that context; see the [Encoding Object](#encoding-object) for more information * The examples are percent-encoded as required by RFC6570 and RFC3986; see [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for a thorough discussion of percent-encoding concerns, including why unencoded `|` (`%7C`), `[` (`%5B`), and `]` (`%5D`) seem to work in some environments despite not being compliant. -| [`style`](#style-values) | `explode` | `undefined` | `string` | `array` | `object` | -| ----------------------- | --------- | ------------------------------------------------- | ----------------------------------------------------- | ----------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------- | -| matrix | false | ;color | ;color=blue | ;color=blue,black,brown | ;color=R,100,G,200,B,150 | -| matrix | true | ;color | ;color=blue | ;color=blue;color=black;color=brown | ;R=100;G=200;B=150 | -| label | false | . | .blue | .blue,black,brown | .R,100,G,200,B,150 | -| label | true | . | .blue | .blue.black.brown | .R=100.G=200.B=150 | -| simple | false | _empty_ | blue | blue,black,brown | R,100,G,200,B,150 | -| simple | true | _empty_ | blue | blue,black,brown | R=100,G=200,B=150 | -| form | false | ?color= | ?color=blue | ?color=blue,black,brown | ?color=R,100,G,200,B,150 | -| form | true | ?color= | ?color=blue | ?color=blue&color=black&color=brown | ?R=100&G=200&B=150 | -| spaceDelimited | false | _n/a_ | _n/a_ | ?color=blue%20black%20brown | ?color=R%20100%20G%20200%20B%20150 | -| spaceDelimited | true | _n/a_ | _n/a_ | _n/a_ | _n/a_ | -| pipeDelimited | false | _n/a_ | _n/a_ | ?color=blue%7Cblack%7Cbrown | ?color=R%7C100%7CG%7C200%7CB%7C150 | -| pipeDelimited | true | _n/a_ | _n/a_ | _n/a_ | _n/a_ | -| deepObject | false | _n/a_ | _n/a_ | _n/a_ | _n/a_ | -| deepObject | true | _n/a_ | _n/a_ | _n/a_ | ?color%5BR%5D=100&color%5BG%5D=200&color%5BB%5D=150 | +| [`style`](#style-values) | `explode` | `undefined` | `string` | `array` | `object` | +| ------------------------ | --------- | ------------------------------------------------- | ----------------------------------------------------- | ----------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------- | +| matrix | false | ;color | ;color=blue | ;color=blue,black,brown | ;color=R,100,G,200,B,150 | +| matrix | true | ;color | ;color=blue | ;color=blue;color=black;color=brown | ;R=100;G=200;B=150 | +| label | false | . | .blue | .blue,black,brown | .R,100,G,200,B,150 | +| label | true | . | .blue | .blue.black.brown | .R=100.G=200.B=150 | +| simple | false | _empty_ | blue | blue,black,brown | R,100,G,200,B,150 | +| simple | true | _empty_ | blue | blue,black,brown | R=100,G=200,B=150 | +| form | false | ?color= | ?color=blue | ?color=blue,black,brown | ?color=R,100,G,200,B,150 | +| form | true | ?color= | ?color=blue | ?color=blue&color=black&color=brown | ?R=100&G=200&B=150 | +| spaceDelimited | false | _n/a_ | _n/a_ | ?color=blue%20black%20brown | ?color=R%20100%20G%20200%20B%20150 | +| spaceDelimited | true | _n/a_ | _n/a_ | _n/a_ | _n/a_ | +| pipeDelimited | false | _n/a_ | _n/a_ | ?color=blue%7Cblack%7Cbrown | ?color=R%7C100%7CG%7C200%7CB%7C150 | +| pipeDelimited | true | _n/a_ | _n/a_ | _n/a_ | _n/a_ | +| deepObject | false | _n/a_ | _n/a_ | _n/a_ | _n/a_ | +| deepObject | true | _n/a_ | _n/a_ | _n/a_ | ?color%5BR%5D=100&color%5BG%5D=200&color%5BB%5D=150 | ##### Parameter Object Examples @@ -1317,11 +1317,11 @@ Describes a single request body. ##### Fixed Fields -| Field Name | Type | Description | -| ------------------------------------------------ | :--------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| description | `string` | A brief description of the request body. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| Field Name | Type | Description | +| -------------------------------------------------- | :----------------------------------------------------: | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| description | `string` | A brief description of the request body. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | content | Map[`string`, [Media Type Object](#media-type-object)] | **REQUIRED**. The content of the request body. The key is a media type or [media type range](https://tools.ietf.org/html/rfc7231#appendix-D) and the value describes it. For requests that match multiple keys, only the most specific key is applicable. e.g. `"text/plain"` overrides `"text/*"` | -| required | `boolean` | Determines if the request body is required in the request. Defaults to `false`. | +| required | `boolean` | Determines if the request body is required in the request. Defaults to `false`. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -1414,12 +1414,12 @@ See [Working With Examples](#working-with-examples) for further guidance regardi ##### Fixed Fields -| Field Name | Type | Description | -| ---------------------------------------- | :--------------------------------------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Field Name | Type | Description | +| ------------------------------------------ | :----------------------------------------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | schema | [Schema Object](#schema-object) \| [Reference Object](#reference-object) | The schema defining the content of the request, response, parameter, or header. | -| example | Any | Example of the media type; see [Working With Examples](#working-with-examples). | +| example | Any | Example of the media type; see [Working With Examples](#working-with-examples). | | examples | Map[ `string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | Examples of the media type; see [Working With Examples](#working-with-examples). | -| encoding | Map[`string`, [Encoding Object](#encoding-object)] | A map between a property name and its encoding information. The key, being the property name, MUST exist in the schema as a property. The `encoding` field SHALL only apply to [Request Body Objects](#request-body-object), and only when the media type is `multipart` or `application/x-www-form-urlencoded`. If no Encoding Object is provided for a property, the behavior is determined by the default values documented for the Encoding Object. | +| encoding | Map[`string`, [Encoding Object](#encoding-object)] | A map between a property name and its encoding information. The key, being the property name, MUST exist in the schema as a property. The `encoding` field SHALL only apply to [Request Body Objects](#request-body-object), and only when the media type is `multipart` or `application/x-www-form-urlencoded`. If no Encoding Object is provided for a property, the behavior is determined by the default values documented for the Encoding Object. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -1553,10 +1553,10 @@ See [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for a detail These fields MAY be used either with or without the RFC6570-style serialization fields defined in the next section below. -| Field Name | Type | Description | -| --------------------------------------------- | :-----------------------------------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| contentType | `string` | The `Content-Type` for encoding a specific property. The value is a comma-separated list, each element of which is either a specific media type (e.g. `image/png`) or a wildcard media type (e.g. `image/*`). Default value depends on the property type as shown in the table below. | -| headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | A map allowing additional information to be provided as headers. `Content-Type` is described separately and SHALL be ignored in this section. This field SHALL be ignored if the request body media type is not a `multipart`. | +| Field Name | Type | Description | +| ----------------------------------------------- | :-------------------------------------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| contentType | `string` | The `Content-Type` for encoding a specific property. The value is a comma-separated list, each element of which is either a specific media type (e.g. `image/png`) or a wildcard media type (e.g. `image/*`). Default value depends on the property type as shown in the table below. | +| headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | A map allowing additional information to be provided as headers. `Content-Type` is described separately and SHALL be ignored in this section. This field SHALL be ignored if the request body media type is not a `multipart`. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -1576,10 +1576,10 @@ See [Appendix B](#appendix-b-data-type-conversion) for a discussion of data type ###### Fixed Fields for RFC6570-style Serialization -| Field Name | Type | Description | -| ------------------------------------------------- | :-------: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| style | `string` | Describes how a specific property value will be serialized depending on its type. See [Parameter Object](#parameter-object) for details on the [`style`](#parameter-style) field. The behavior follows the same values as `query` parameters, including default values. Note that the initial `?` used in query strings is not used in `application/x-www-form-urlencoded` message bodies, and MUST be removed (if using an RFC6570 implementation) or simply not added (if constructing the string manually). This field SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. | -| explode | `boolean` | When this is `true`, property values of type `array` or `object` generate separate parameters for each value of the array, or key-value-pair of the map. For other types of properties this field has no effect. When [`style`](#encoding-style) is `"form"`, the default value is `true`. For all other styles, the default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. This field SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. | +| Field Name | Type | Description | +| --------------------------------------------------- | :-------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| style | `string` | Describes how a specific property value will be serialized depending on its type. See [Parameter Object](#parameter-object) for details on the [`style`](#parameter-style) field. The behavior follows the same values as `query` parameters, including default values. Note that the initial `?` used in query strings is not used in `application/x-www-form-urlencoded` message bodies, and MUST be removed (if using an RFC6570 implementation) or simply not added (if constructing the string manually). This field SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. | +| explode | `boolean` | When this is `true`, property values of type `array` or `object` generate separate parameters for each value of the array, or key-value-pair of the map. For other types of properties this field has no effect. When [`style`](#encoding-style) is `"form"`, the default value is `true`. For all other styles, the default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. This field SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. | | allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#section-3.2.3), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#section-3.4) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#appendix-c-using-rfc6570-implementations) and [E](#appendix-e-percent-encoding-and-form-media-types) for details. The default value is `false`. This field SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. | See also [Appendix C: Using RFC6570 Implementations](#appendix-c-using-rfc6570-implementations) for additional guidance. @@ -1814,14 +1814,14 @@ call. ##### Fixed Fields -| Field Name | Type | Description | -| -------------------------------------- | :------------------------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Field Name | Type | Description | +| --------------------------------------- | :--------------------------------------------------------------------------: | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | default | [Response Object](#response-object) \| [Reference Object](#reference-object) | The documentation of responses other than the ones declared for specific HTTP response codes. Use this field to cover undeclared responses. A [Reference Object](#reference-object) can link to a response that the [OpenAPI Object's `components.responses`](#components-responses) section defines. | ##### Patterned Fields -| Field Pattern | Type | Description | -| ---------------------------------------------------------- | :------------------------------------------------------------------------: | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Field Pattern | Type | Description | +| ------------------------------------------------------------------- | :--------------------------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | [HTTP Status Code](#http-status-codes) | [Response Object](#response-object) \| [Reference Object](#reference-object) | Any [HTTP status code](#http-status-codes) can be used as the property name, but only one property per code, to describe the expected response for that HTTP status code. A [Reference Object](#reference-object) can link to a response that is defined in the [OpenAPI Object's `components.responses`](#components-responses) section. This field MUST be enclosed in quotation marks (for example, "200") for compatibility between JSON and YAML. To define a range of response codes, this field MAY contain the uppercase wildcard character `X`. For example, `2XX` represents all response codes between `200` and `299`. Only the following range definitions are allowed: `1XX`, `2XX`, `3XX`, `4XX`, and `5XX`. If a response is defined using an explicit code, the explicit code definition takes precedence over the range definition for that code. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -1877,12 +1877,12 @@ Describes a single response from an API operation, including design-time, static ##### Fixed Fields -| Field Name | Type | Description | -| --------------------------------------------- | :-----------------------------------------------------------------------------------: | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| description | `string` | **REQUIRED**. A description of the response. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | Maps a header name to its definition. [RFC7230](https://tools.ietf.org/html/rfc7230#section-3.2) states header names are case insensitive. If a response header is defined with the name `"Content-Type"`, it SHALL be ignored. | +| Field Name | Type | Description | +| ---------------------------------------------- | :-------------------------------------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| description | `string` | **REQUIRED**. A description of the response. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | Maps a header name to its definition. [RFC7230](https://tools.ietf.org/html/rfc7230#section-3.2) states header names are case insensitive. If a response header is defined with the name `"Content-Type"`, it SHALL be ignored. | | content | Map[`string`, [Media Type Object](#media-type-object)] | A map containing descriptions of potential response payloads. The key is a media type or [media type range](https://tools.ietf.org/html/rfc7231#appendix-D) and the value describes it. For responses that match multiple keys, only the most specific key is applicable. e.g. `"text/plain"` overrides `"text/*"` | -| links | Map[`string`, [Link Object](#link-object) \| [Reference Object](#reference-object)] | A map of operations links that can be followed from the response. The key of the map is a short name for the link, following the naming constraints of the names for [Component Objects](#components-object). | +| links | Map[`string`, [Link Object](#link-object) \| [Reference Object](#reference-object)] | A map of operations links that can be followed from the response. The key of the map is a short name for the link, following the naming constraints of the names for [Component Objects](#components-object). | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -2017,8 +2017,8 @@ The key value used to identify the Path Item Object is an expression, evaluated ##### Patterned Fields -| Field Pattern | Type | Description | -| --------------------------------------------- | :---------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Field Pattern | Type | Description | +| ---------------------------------------------- | :-----------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------- | | {expression} | [Path Item Object](#path-item-object) | A Path Item Object used to define a callback request and expected responses. A [complete example](../examples/v3.0/callback-example.yaml) is available. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -2057,13 +2057,13 @@ Location: https://example.org/subscription/1 The following examples show how the various expressions evaluate, assuming the callback operation has a path parameter named `eventType` and a query parameter named `queryUrl`. -| Expression | Value | -| ---------------------------- | :----------------------------------------------------------------------------------- | +| Expression | Value | +| ---------------------------- | :------------------------------------------------------------------------------------- | | $url | | -| $method | POST | -| $request.path.eventType | myevent | +| $method | POST | +| $request.path.eventType | myevent | | $request.query.queryUrl | | -| $request.header.content-type | application/json | +| $request.header.content-type | application/json | | $request.body#/failedUrl | | | $request.body#/successUrls/1 | | | $response.header.Location | | @@ -2113,11 +2113,11 @@ Examples allow demonstration of the usage of properties, parameters and objects ##### Fixed Fields -| Field Name | Type | Description | -| ------------------------------------------------ | :------: | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| summary | `string` | Short description for the example. | -| description | `string` | Long description for the example. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| value | Any | Embedded literal example. The `value` field and `externalValue` field are mutually exclusive. To represent examples of media types that cannot naturally represented in JSON or YAML, use a string value to contain the example, escaping where necessary. | +| Field Name | Type | Description | +| -------------------------------------------------- | :------: | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| summary | `string` | Short description for the example. | +| description | `string` | Long description for the example. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| value | Any | Embedded literal example. The `value` field and `externalValue` field are mutually exclusive. To represent examples of media types that cannot naturally represented in JSON or YAML, use a string value to contain the example, escaping where necessary. | | externalValue | `string` | A URL that points to the literal example. This provides the capability to reference examples that cannot easily be included in JSON or YAML documents. The `value` field and `externalValue` field are mutually exclusive. See the rules for resolving [Relative References](#relative-references-in-urls). | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -2289,14 +2289,14 @@ For computing links and providing instructions to execute them, a [runtime expre ##### Fixed Fields -| Field Name | Type | Description | -| ------------------------------------------- | :------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| operationRef | `string` | A relative or absolute URI reference to an OAS operation. This field is mutually exclusive of the `operationId` field, and MUST point to an [Operation Object](#operation-object). Relative `operationRef` values MAY be used to locate an existing [Operation Object](#operation-object) in the OpenAPI description. | -| operationId | `string` | The name of an _existing_, resolvable OAS operation, as defined with a unique `operationId`. This field is mutually exclusive of the `operationRef` field. | -| parameters | Map[`string`, Any \| [{expression}](#runtime-expressions)] | A map representing parameters to pass to an operation as specified with `operationId` or identified via `operationRef`. The key is the parameter name to be used (optionally qualified with the parameter location, e.g. `path.id` for an `id` parameter in the path), whereas the value can be a constant or an expression to be evaluated and passed to the linked operation. | -| requestBody | Any \| [{expression}](#runtime-expressions) | A literal value or [{expression}](#runtime-expressions) to use as a request body when calling the target operation. | -| description | `string` | A description of the link. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| server | [Server Object](#server-object) | A server object to be used by the target operation. | +| Field Name | Type | Description | +| --------------------------------------------- | :--------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| operationRef | `string` | A relative or absolute URI reference to an OAS operation. This field is mutually exclusive of the `operationId` field, and MUST point to an [Operation Object](#operation-object). Relative `operationRef` values MAY be used to locate an existing [Operation Object](#operation-object) in the OpenAPI description. | +| operationId | `string` | The name of an _existing_, resolvable OAS operation, as defined with a unique `operationId`. This field is mutually exclusive of the `operationRef` field. | +| parameters | Map[`string`, Any \| [{expression}](#runtime-expressions)] | A map representing parameters to pass to an operation as specified with `operationId` or identified via `operationRef`. The key is the parameter name to be used (optionally qualified with the parameter location, e.g. `path.id` for an `id` parameter in the path), whereas the value can be a constant or an expression to be evaluated and passed to the linked operation. | +| requestBody | Any \| [{expression}](#runtime-expressions) | A literal value or [{expression}](#runtime-expressions) to use as a request body when calling the target operation. | +| description | `string` | A description of the link. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| server | [Server Object](#server-object) | A server object to be used by the target operation. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -2440,10 +2440,10 @@ The table below provides examples of runtime expressions and examples of their u | Source Location | example expression | notes | | --------------------- | :------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------- | | HTTP Method | `$method` | The allowable values for the `$method` will be those for the HTTP operation. | -| Requested media type | `$request.header.accept` | | +| Requested media type | `$request.header.accept` | | | Request parameter | `$request.path.id` | Request parameters MUST be declared in the `parameters` section of the parent operation or they cannot be evaluated. This includes request headers. | | Request body property | `$request.body#/user/uuid` | In operations which accept payloads, references may be made to portions of the `requestBody` or the entire body. | -| Request URL | `$url` || +| Request URL | `$url` | | | Response value | `$response.body#/status` | In operations which return payloads, references may be made to portions of the response body or the entire body. | | Response header | `$response.header.Server` | Single header values only are available | @@ -2466,8 +2466,8 @@ The Header Object follows the structure of the [Parameter Object](#parameter-obj These fields MAY be used with either `content` or `schema`. -| Field Name | Type | Description | -| ------------------------------------------- | :-------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Field Name | Type | Description | +| -------------------------------------------- | :-------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | description | `string` | A brief description of the header. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | required | `boolean` | Determines whether this header is mandatory. The default value is `false`. | | deprecated | `boolean` | Specifies that the header is deprecated and SHOULD be transitioned out of usage. Default value is `false`. | @@ -2484,13 +2484,13 @@ Serializing with `schema` is NOT RECOMMENDED for headers with parameters (name=v When `example` or `examples` are provided in conjunction with the `schema` field, the example SHOULD match the specified schema and follow the prescribed serialization strategy for the header. The `example` and `examples` fields are mutually exclusive, and if either is present it SHALL _override_ any `example` in the schema. -| Field Name | Type | Description | -| ------------------------------------- | :--------------------------------------------------------------------------------------: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| style | `string` | Describes how the header value will be serialized. The default (and only legal value for headers) is `"simple"`. | -| explode | `boolean` | When this is true, header values of type `array` or `object` generate a single header whose value is a comma-separated list of the array items or key-value pairs of the map, see [Style Examples](#style-examples). For other data types this field has no effect. The default value is `false`. | -| schema | [Schema Object](#schema-object) \| [Reference Object](#reference-object) | The schema defining the type used for the header. | -| example | Any | Example of the header's potential value; see [Working With Examples](#working-with-examples). | -| examples | Map[ `string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | Examples of the header's potential value; see [Working With Examples](#working-with-examples). | +| Field Name | Type | Description | +| -------------------------------------- | :----------------------------------------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| style | `string` | Describes how the header value will be serialized. The default (and only legal value for headers) is `"simple"`. | +| explode | `boolean` | When this is true, header values of type `array` or `object` generate a single header whose value is a comma-separated list of the array items or key-value pairs of the map, see [Style Examples](#style-examples). For other data types this field has no effect. The default value is `false`. | +| schema | [Schema Object](#schema-object) \| [Reference Object](#reference-object) | The schema defining the type used for the header. | +| example | Any | Example of the header's potential value; see [Working With Examples](#working-with-examples). | +| examples | Map[ `string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | Examples of the header's potential value; see [Working With Examples](#working-with-examples). | See also [Appendix C: Using RFC6570 Implementations](#appendix-c-using-rfc6570-implementations) for additional guidance. @@ -2499,8 +2499,8 @@ See also [Appendix C: Using RFC6570 Implementations](#appendix-c-using-rfc6570-i For more complex scenarios, the [`content`](#header-content) field can define the media type and schema of the header, as well as give examples of its use. Using `content` with a `text/plain` media type is RECOMMENDED for headers where the `schema` strategy is not appropriate. -| Field Name | Type | Description | -| ----------------------------------- | :--------------------------------------------------: | ----------------------------------------------------------------------------------------------------------------------------------------------- | +| Field Name | Type | Description | +| ------------------------------------ | :----------------------------------------------------: | ----------------------------------------------------------------------------------------------------------------------------------------------- | | content | Map[`string`, [Media Type Object](#media-type-object)] | A map containing the representations for the header. The key is the media type and the value describes it. The map MUST only contain one entry. | ##### Header Object Example @@ -2556,10 +2556,10 @@ It is not mandatory to have a Tag Object per tag defined in the Operation Object ##### Fixed Fields -| Field Name | Type | Description | -| ------------------------------------------ | :-----------------------------------------------------------: | ---------------------------------------------------------------------------------------------------------------------- | -| name | `string` | **REQUIRED**. The name of the tag. | -| description | `string` | A description for the tag. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| Field Name | Type | Description | +| -------------------------------------------- | :-------------------------------------------------------------: | ---------------------------------------------------------------------------------------------------------------------- | +| name | `string` | **REQUIRED**. The name of the tag. | +| description | `string` | A description for the tag. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this tag. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -2588,8 +2588,8 @@ For this specification, reference resolution is accomplished as defined by the J ##### Fixed Fields -| Field Name | Type | Description | -| ------------------------------- | :------: | ----------------------------------- | +| Field Name | Type | Description | +| -------------------------------- | :------: | ----------------------------------- | | $ref | `string` | **REQUIRED**. The reference string. | This object cannot be extended with additional properties, and any properties added SHALL be ignored. @@ -2682,16 +2682,16 @@ Other than the JSON Schema subset fields, the following fields MAY be used for f ##### Fixed Fields -| Field Name | Type | Description | -| ----------------------------------------------- | :-----------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| nullable | `boolean` | This keyword only takes effect if `type` is explicitly defined within the same Schema Object. A `true` value indicates that both `null` values and values of the type specified by `type` are allowed. Other Schema Object constraints retain their defined behavior, and therefore may disallow the use of `null` as a value. A `false` value leaves the specified or default `type` unmodified. The default value is `false`. | -| discriminator | [Discriminator Object](#discriminator-object) | Adds support for polymorphism. The discriminator is used to determine which of a set of schemas a payload is expected to satisfy. See [Composition and Inheritance](#composition-and-inheritance-polymorphism) for more details. | -| readOnly | `boolean` | Relevant only for Schema Object `properties` definitions. Declares the property as "read only". This means that it MAY be sent as part of a response but SHOULD NOT be sent as part of the request. If the property is marked as `readOnly` being `true` and is in the `required` list, the `required` will take effect on the response only. A property MUST NOT be marked as both `readOnly` and `writeOnly` being `true`. Default value is `false`. | -| writeOnly | `boolean` | Relevant only for Schema Object `properties` definitions. Declares the property as "write only". Therefore, it MAY be sent as part of a request but SHOULD NOT be sent as part of the response. If the property is marked as `writeOnly` being `true` and is in the `required` list, the `required` will take effect on the request only. A property MUST NOT be marked as both `readOnly` and `writeOnly` being `true`. Default value is `false`. | -| xml | [XML Object](#xml-object) | This MAY be used only on property schemas. It has no effect on root schemas. Adds additional metadata to describe the XML representation of this property. | -| externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this schema. | -| example | Any | A free-form field to include an example of an instance for this schema. To represent examples that cannot be naturally represented in JSON or YAML, a string value can be used to contain the example with escaping where necessary. | -| deprecated | `boolean` | Specifies that a schema is deprecated and SHOULD be transitioned out of usage. Default value is `false`. | +| Field Name | Type | Description | +| ------------------------------------------------ | :-------------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| nullable | `boolean` | This keyword only takes effect if `type` is explicitly defined within the same Schema Object. A `true` value indicates that both `null` values and values of the type specified by `type` are allowed. Other Schema Object constraints retain their defined behavior, and therefore may disallow the use of `null` as a value. A `false` value leaves the specified or default `type` unmodified. The default value is `false`. | +| discriminator | [Discriminator Object](#discriminator-object) | Adds support for polymorphism. The discriminator is used to determine which of a set of schemas a payload is expected to satisfy. See [Composition and Inheritance](#composition-and-inheritance-polymorphism) for more details. | +| readOnly | `boolean` | Relevant only for Schema Object `properties` definitions. Declares the property as "read only". This means that it MAY be sent as part of a response but SHOULD NOT be sent as part of the request. If the property is marked as `readOnly` being `true` and is in the `required` list, the `required` will take effect on the response only. A property MUST NOT be marked as both `readOnly` and `writeOnly` being `true`. Default value is `false`. | +| writeOnly | `boolean` | Relevant only for Schema Object `properties` definitions. Declares the property as "write only". Therefore, it MAY be sent as part of a request but SHOULD NOT be sent as part of the response. If the property is marked as `writeOnly` being `true` and is in the `required` list, the `required` will take effect on the request only. A property MUST NOT be marked as both `readOnly` and `writeOnly` being `true`. Default value is `false`. | +| xml | [XML Object](#xml-object) | This MAY be used only on property schemas. It has no effect on root schemas. Adds additional metadata to describe the XML representation of this property. | +| externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this schema. | +| example | Any | A free-form field to include an example of an instance for this schema. To represent examples that cannot be naturally represented in JSON or YAML, a string value can be used to contain the example with escaping where necessary. | +| deprecated | `boolean` | Specifies that a schema is deprecated and SHOULD be transitioned out of usage. Default value is `false`. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -3031,8 +3031,8 @@ Note that `discriminator` MUST NOT change the validation outcome of the schema. ##### Fixed Fields -| Field Name | Type | Description | -| ------------------------------------------- | :---------------------: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Field Name | Type | Description | +| -------------------------------------------- | :---------------------: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | propertyName | `string` | **REQUIRED**. The name of the property in the payload that will hold the discriminating value. This property SHOULD be required in the payload schema, as the behavior when the property is absent is undefined. | | mapping | Map[`string`, `string`] | An object to hold mappings between payload values and schema names or URI references. | @@ -3190,13 +3190,13 @@ See examples for expected behavior. ##### Fixed Fields -| Field Name | Type | Description | -| ------------------------------------ | :-------: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Field Name | Type | Description | +| ------------------------------------- | :-------: | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | name | `string` | Replaces the name of the element/attribute used for the described schema property. When defined within `items`, it will affect the name of the individual XML elements within the list. When defined alongside `type` being `"array"` (outside the `items`), it will affect the wrapping element if and only if `wrapped` is `true`. If `wrapped` is `false`, it will be ignored. | -| namespace | `string` | The URI of the namespace definition. Value MUST be in the form of a non-relative URI. | -| prefix | `string` | The prefix to be used for the [name](#xml-name). | -| attribute | `boolean` | Declares whether the property definition translates to an attribute instead of an element. Default value is `false`. | -| wrapped | `boolean` | MAY be used only for an array definition. Signifies whether the array is wrapped (for example, ``) or unwrapped (``). Default value is `false`. The definition takes effect only when defined alongside `type` being `"array"` (outside the `items`). | +| namespace | `string` | The URI of the namespace definition. Value MUST be in the form of a non-relative URI. | +| prefix | `string` | The prefix to be used for the [name](#xml-name). | +| attribute | `boolean` | Declares whether the property definition translates to an attribute instead of an element. Default value is `false`. | +| wrapped | `boolean` | MAY be used only for an array definition. Signifies whether the array is wrapped (for example, ``) or unwrapped (``). Default value is `false`. The definition takes effect only when defined alongside `type` being `"array"` (outside the `items`). | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -3550,16 +3550,16 @@ Please note that as of 2020, the implicit flow is about to be deprecated by [OAu ##### Fixed Fields -| Field Name | Type | Applies To | Description | -| ------------------------------------------------------------- | :-------------------------------------: | ------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| type | `string` | Any | **REQUIRED**. The type of the security scheme. Valid values are `"apiKey"`, `"http"`, `"oauth2"`, `"openIdConnect"`. | -| description | `string` | Any | A description for security scheme. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| name | `string` | `apiKey` | **REQUIRED**. The name of the header, query or cookie parameter to be used. | -| in | `string` | `apiKey` | **REQUIRED**. The location of the API key. Valid values are `"query"`, `"header"`, or `"cookie"`. | -| scheme | `string` | `http` | **REQUIRED**. The name of the HTTP Authentication scheme to be used in the [Authorization header as defined in RFC7235](https://tools.ietf.org/html/rfc7235#section-5.1). The values used SHOULD be registered in the [IANA Authentication Scheme registry](https://www.iana.org/assignments/http-authschemes/http-authschemes.xhtml). The value is case-insensitive, as defined in [RFC7235](https://datatracker.ietf.org/doc/html/rfc7235#section-2.1). | -| bearerFormat | `string` | `http` (`"bearer"`) | A hint to the client to identify how the bearer token is formatted. Bearer tokens are usually generated by an authorization server, so this information is primarily for documentation purposes. | -| flows | [OAuth Flows Object](#oauth-flows-object) | `oauth2` | **REQUIRED**. An object containing configuration information for the flow types supported. | -| openIdConnectUrl | `string` | `openIdConnect` | **REQUIRED**. [Well-known URL](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig) to discover the [[OpenID-Connect-Discovery]] [provider metadata](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata). | +| Field Name | Type | Applies To | Description | +| ------------------------------------------------------------------ | :---------------------------------------: | ------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| type | `string` | Any | **REQUIRED**. The type of the security scheme. Valid values are `"apiKey"`, `"http"`, `"oauth2"`, `"openIdConnect"`. | +| description | `string` | Any | A description for security scheme. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| name | `string` | `apiKey` | **REQUIRED**. The name of the header, query or cookie parameter to be used. | +| in | `string` | `apiKey` | **REQUIRED**. The location of the API key. Valid values are `"query"`, `"header"`, or `"cookie"`. | +| scheme | `string` | `http` | **REQUIRED**. The name of the HTTP Authentication scheme to be used in the [Authorization header as defined in RFC7235](https://tools.ietf.org/html/rfc7235#section-5.1). The values used SHOULD be registered in the [IANA Authentication Scheme registry](https://www.iana.org/assignments/http-authschemes/http-authschemes.xhtml). The value is case-insensitive, as defined in [RFC7235](https://datatracker.ietf.org/doc/html/rfc7235#section-2.1). | +| bearerFormat | `string` | `http` (`"bearer"`) | A hint to the client to identify how the bearer token is formatted. Bearer tokens are usually generated by an authorization server, so this information is primarily for documentation purposes. | +| flows | [OAuth Flows Object](#oauth-flows-object) | `oauth2` | **REQUIRED**. An object containing configuration information for the flow types supported. | +| openIdConnectUrl | `string` | `openIdConnect` | **REQUIRED**. [Well-known URL](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig) to discover the [[OpenID-Connect-Discovery]] [provider metadata](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata). | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -3644,10 +3644,10 @@ Allows configuration of the supported OAuth Flows. ##### Fixed Fields -| Field Name | Type | Description | -| ----------------------------------------------------------- | :-----------------------------------: | ---------------------------------------------------------------------------------------------------- | -| implicit | [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Implicit flow | -| password | [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Resource Owner Password flow | +| Field Name | Type | Description | +| -------------------------------------------------------------- | :-------------------------------------: | ---------------------------------------------------------------------------------------------------- | +| implicit | [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Implicit flow | +| password | [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Resource Owner Password flow | | clientCredentials | [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Client Credentials flow. Previously called `application` in OpenAPI 2.0. | | authorizationCode | [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Authorization Code flow. Previously called `accessCode` in OpenAPI 2.0. | @@ -3659,12 +3659,12 @@ Configuration details for a supported OAuth Flow ##### Fixed Fields -| Field Name | Type | Applies To | Description | -| -------------------------------------------------------- | :---------------------: | --------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------- | +| Field Name | Type | Applies To | Description | +| ----------------------------------------------------------- | :---------------------: | --------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------- | | authorizationUrl | `string` | `oauth2` (`"implicit"`, `"authorizationCode"`) | **REQUIRED**. The authorization URL to be used for this flow. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. | | tokenUrl | `string` | `oauth2` (`"password"`, `"clientCredentials"`, `"authorizationCode"`) | **REQUIRED**. The token URL to be used for this flow. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. | | refreshUrl | `string` | `oauth2` | The URL to be used for obtaining refresh tokens. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. | -| scopes | Map[`string`, `string`] | `oauth2` | **REQUIRED**. The available scopes for the OAuth2 security scheme. A map between the scope name and a short description for it. The map MAY be empty. | +| scopes | Map[`string`, `string`] | `oauth2` | **REQUIRED**. The available scopes for the OAuth2 security scheme. A map between the scope name and a short description for it. The map MAY be empty. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -3721,8 +3721,8 @@ When a list of Security Requirement Objects is defined on the [OpenAPI Object](# ##### Patterned Fields -| Field Pattern | Type | Description | -| --------------------------------------------- | :--------: | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Field Pattern | Type | Description | +| ----------------------------------------------- | :--------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | {name} | [`string`] | Each name MUST correspond to a security scheme which is declared in the [Security Schemes](#security-scheme-object) under the [Components Object](#components-object). If the security scheme is of type `"oauth2"` or `"openIdConnect"`, then the value is a list of scope names required for the execution, and the list MAY be empty if authorization does not require a specified scope. For other security scheme types, the array MUST be empty. | ##### Security Requirement Object Examples @@ -3878,8 +3878,8 @@ While the OpenAPI Specification tries to accommodate most use cases, additional The extensions properties are implemented as patterned fields that are always prefixed by `x-`. -| Field Pattern | Type | Description | -| -------------------------------- | :--: | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Field Pattern | Type | Description | +| --------------------------------- | :--: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | ^x- | Any | Allows extensions to the OpenAPI Schema. The field name MUST begin with `x-`, for example, `x-internal-id`. The value can be any valid JSON value (`null`, a primitive, an array, or an object.) | The OpenAPI Initiative maintains several [[OpenAPI-Registry|extension registries]], including registries for [individual extension keywords](https://spec.openapis.org/registry/extension/) and [extension keyword namespaces](https://spec.openapis.org/registry/namespace/). @@ -3978,8 +3978,8 @@ Requiring input as pre-formatted, schema-validated strings also improves round-t Serialization is defined in terms of [RFC6570](https://www.rfc-editor.org/rfc/rfc6570) URI Templates in two scenarios: -| Object | Condition | -| ------------------------------------ | ---------------------------------------------------------------------------------------------------------------- | +| Object | Condition | +| ------------------------------------- | ---------------------------------------------------------------------------------------------------------------- | | [Parameter Object](#parameter-object) | When `schema` is present | | [Encoding Object](#encoding-object) | When encoding for `application/x-www-form-urlencoded` and any of `style`, `explode`, or `allowReserved` are used | @@ -4324,4 +4324,3 @@ Code that relies on leaving these delimiters unencoded, while using regular perc For maximum interoperability, it is RECOMMENDED to either define and document an additional escape convention while percent-encoding the delimiters for these styles, or to avoid these styles entirely. The exact method of additional encoding/escaping is left to the API designer, and is expected to be performed before serialization and encoding described in this specification, and reversed after this specification's encoding and serialization steps are reversed. This keeps it outside of the processes governed by this specification. - From 1632456dd54d9708ca22a22159ed34ca13e31b14 Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Thu, 22 Aug 2024 15:25:34 +0200 Subject: [PATCH 211/251] Update 3.0.4.md --- versions/3.0.4.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 89c2594c9b..70d10cbfc2 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -2017,8 +2017,8 @@ The key value used to identify the Path Item Object is an expression, evaluated ##### Patterned Fields -| Field Pattern | Type | Description | -| --------------------------------------------- | :---------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Field Pattern | Type | Description | +| ---------------------------------------------- | :-----------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | {expression} | [Path Item Object](#path-item-object) | A Path Item Object used to define a callback request and expected responses. A [complete example](https://learn.openapis.org/examples/v3.0/callback-example.html) is available. | This object MAY be extended with [Specification Extensions](#specification-extensions). From b41f4f7211460cf308baf0b7f252fe945cd317eb Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Thu, 22 Aug 2024 15:37:34 +0200 Subject: [PATCH 212/251] Run prettier --- versions/3.0.4.md | 456 +++++++++++++++++++++++----------------------- 1 file changed, 228 insertions(+), 228 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index db4c784cfe..2137cfd46b 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -139,12 +139,12 @@ Several features of this specification require resolution of non-URI-based conne These connections are unambiguously resolved in single-document OADs, but the resolution process in multi-document OADs is _implementation-defined_, within the constraints described in this section. In some cases, an unambiguous URI-based alternative is available, and OAD authors are RECOMMENDED to always use the alternative: -| Source | Target | Alternative | -| -------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | --------------------------------- | -| [Security Requirement Object](#security-requirement-object) `{name}` | [Security Scheme Object](#security-scheme-object) name under the [Components Object](#components-object) | _n/a_ | -| [Discriminator Object](#discriminator-object) `mapping` _(implicit, or explicit name syntax)_ | [Schema Object](#schema-object) name under the Components Object | `mapping` _(explicit URI syntax)_ | -| [Operation Object](#operation-object) `tags` | [Tag Object](#tag-object) `name` (in the [OpenAPI Object](#openapi-object)'s `tags` array) | _n/a_ | -| [Link Object](#link-object) `operationId` | [Path Item Object](#path-item-object) `operationId` | `operationRef` | +| Source | Target | Alternative | +| --------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------- | --------------------------------- | +| [Security Requirement Object](#security-requirement-object) `{name}` | [Security Scheme Object](#security-scheme-object) name under the [Components Object](#components-object) | _n/a_ | +| [Discriminator Object](#discriminator-object) `mapping` _(implicit, or explicit name syntax)_ | [Schema Object](#schema-object) name under the Components Object | `mapping` _(explicit URI syntax)_ | +| [Operation Object](#operation-object) `tags` | [Tag Object](#tag-object) `name` (in the [OpenAPI Object](#openapi-object)'s `tags` array) | _n/a_ | +| [Link Object](#link-object) `operationId` | [Path Item Object](#path-item-object) `operationId` | `operationRef` | A fifth implicit connection involves appending the templated URL paths of the [Paths Object](#paths-object) to the appropriate [Server Object](#server-object)'s `url` field. This is unambiguous because only the entry document's Paths Object contributes URLs to the described API. @@ -188,16 +188,16 @@ Types that are not accompanied by a `format` keyword follow the type definition The formats defined by the OAS are: | [`type`](#data-types) | [`format`](#data-type-format) | Comments | -| -------------------- | --------------------------- | ----------------------------------------------------------------------------------------- | -| `integer` | `int32` | signed 32 bits | -| `integer` | `int64` | signed 64 bits (a.k.a long) | -| `number` | `float` | | -| `number` | `double` | | -| `string` | `byte` | base64 encoded characters - [RFC4648](https://www.rfc-editor.org/rfc/rfc4648#section-4) | -| `string` | `binary` | any sequence of octets | -| `string` | `date` | As defined by `full-date` - [RFC3339](https://www.rfc-editor.org/rfc/rfc3339#section-5.6) | -| `string` | `date-time` | As defined by `date-time` - [RFC3339](https://www.rfc-editor.org/rfc/rfc3339#section-5.6) | -| `string` | `password` | A hint to obscure the value. | +| --------------------- | ----------------------------- | ----------------------------------------------------------------------------------------- | +| `integer` | `int32` | signed 32 bits | +| `integer` | `int64` | signed 64 bits (a.k.a long) | +| `number` | `float` | | +| `number` | `double` | | +| `string` | `byte` | base64 encoded characters - [RFC4648](https://www.rfc-editor.org/rfc/rfc4648#section-4) | +| `string` | `binary` | any sequence of octets | +| `string` | `date` | As defined by `full-date` - [RFC3339](https://www.rfc-editor.org/rfc/rfc3339#section-5.6) | +| `string` | `date-time` | As defined by `date-time` - [RFC3339](https://www.rfc-editor.org/rfc/rfc3339#section-5.6) | +| `string` | `password` | A hint to obscure the value. | #### Working With Binary Data @@ -242,15 +242,15 @@ This is the root object of the [OpenAPI document](#openapi-description). ##### Fixed Fields -| Field Name | Type | Description | -| ------------------------------------------ | :-----------------------------------------------------------: | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| openapi | `string` | **REQUIRED**. This string MUST be the [version number](#versions) of the OpenAPI Specification that the OpenAPI document uses. The `openapi` field SHOULD be used by tooling to interpret the OpenAPI document. This is _not_ related to the API [`info.version`](#info-version) string. | -| info | [Info Object](#info-object) | **REQUIRED**. Provides metadata about the API. The metadata MAY be used by tooling as required. | -| servers | [[Server Object](#server-object)] | An array of Server Objects, which provide connectivity information to a target server. If the `servers` field is not provided, or is an empty array, the default value would be a [Server Object](#server-object) with a [url](#server-url) value of `/`. | -| paths | [Paths Object](#paths-object) | **REQUIRED**. The available paths and operations for the API. | -| components | [Components Object](#components-object) | An element to hold various schemas for the document. | -| security | [[Security Requirement Object](#security-requirement-object)] | A declaration of which security mechanisms can be used across the API. The list of values includes alternative Security Requirement Objects that can be used. Only one of the Security Requirement Objects need to be satisfied to authorize a request. Individual operations can override this definition. To make security optional, an empty security requirement (`{}`) can be included in the array. | -| tags | [[Tag Object](#tag-object)] | A list of tags used by the document with additional metadata. The order of the tags can be used to reflect on their order by the parsing tools. Not all tags that are used by the [Operation Object](#operation-object) must be declared. The tags that are not declared MAY be organized randomly or based on the tools' logic. Each tag name in the list MUST be unique. | +| Field Name | Type | Description | +| -------------------------------------------- | :-------------------------------------------------------------: | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| openapi | `string` | **REQUIRED**. This string MUST be the [version number](#versions) of the OpenAPI Specification that the OpenAPI document uses. The `openapi` field SHOULD be used by tooling to interpret the OpenAPI document. This is _not_ related to the API [`info.version`](#info-version) string. | +| info | [Info Object](#info-object) | **REQUIRED**. Provides metadata about the API. The metadata MAY be used by tooling as required. | +| servers | [[Server Object](#server-object)] | An array of Server Objects, which provide connectivity information to a target server. If the `servers` field is not provided, or is an empty array, the default value would be a [Server Object](#server-object) with a [url](#server-url) value of `/`. | +| paths | [Paths Object](#paths-object) | **REQUIRED**. The available paths and operations for the API. | +| components | [Components Object](#components-object) | An element to hold various schemas for the document. | +| security | [[Security Requirement Object](#security-requirement-object)] | A declaration of which security mechanisms can be used across the API. The list of values includes alternative Security Requirement Objects that can be used. Only one of the Security Requirement Objects need to be satisfied to authorize a request. Individual operations can override this definition. To make security optional, an empty security requirement (`{}`) can be included in the array. | +| tags | [[Tag Object](#tag-object)] | A list of tags used by the document with additional metadata. The order of the tags can be used to reflect on their order by the parsing tools. Not all tags that are used by the [Operation Object](#operation-object) must be declared. The tags that are not declared MAY be organized randomly or based on the tools' logic. Each tag name in the list MUST be unique. | | externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -262,14 +262,14 @@ The metadata MAY be used by the clients if needed, and MAY be presented in editi ##### Fixed Fields -| Field Name | Type | Description | -| ----------------------------------------------- | :------------------------------: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| title | `string` | **REQUIRED**. The title of the API. | -| description | `string` | A description of the API. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| termsOfService | `string` | A URL for the Terms of Service for the API. This MUST be in the form of a URL. | -| contact | [Contact Object](#contact-object) | The contact information for the exposed API. | -| license | [License Object](#license-object) | The license information for the exposed API. | -| version | `string` | **REQUIRED**. The version of the OpenAPI document (which is distinct from the [OpenAPI Specification version](#oas-version) or the version of the API being described). | +| Field Name | Type | Description | +| -------------------------------------------------- | :-------------------------------: | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| title | `string` | **REQUIRED**. The title of the API. | +| description | `string` | A description of the API. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| termsOfService | `string` | A URL for the Terms of Service for the API. This MUST be in the form of a URL. | +| contact | [Contact Object](#contact-object) | The contact information for the exposed API. | +| license | [License Object](#license-object) | The license information for the exposed API. | +| version | `string` | **REQUIRED**. The version of the OpenAPI document (which is distinct from the [OpenAPI Specification version](#oas-version) or the version of the API being described). | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -313,8 +313,8 @@ Contact information for the exposed API. ##### Fixed Fields -| Field Name | Type | Description | -| -------------------------------- | :------: | --------------------------------------------------------------------------------------------------- | +| Field Name | Type | Description | +| --------------------------------- | :------: | --------------------------------------------------------------------------------------------------- | | name | `string` | The identifying name of the contact person/organization. | | url | `string` | The URL for the contact information. This MUST be in the form of a URL. | | email | `string` | The email address of the contact person/organization. This MUST be in the form of an email address. | @@ -343,8 +343,8 @@ License information for the exposed API. ##### Fixed Fields -| Field Name | Type | Description | -| ------------------------------ | :------: | -------------------------------------------------------------------------- | +| Field Name | Type | Description | +| ------------------------------- | :------: | -------------------------------------------------------------------------- | | name | `string` | **REQUIRED**. The license name used for the API. | | url | `string` | A URL for the license used for the API. This MUST be in the form of a URL. | @@ -370,11 +370,11 @@ An object representing a Server. ##### Fixed Fields -| Field Name | Type | Description | -| ------------------------------------------- | :------------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| url | `string` | **REQUIRED**. A URL to the target host. This URL supports Server Variables and MAY be relative, to indicate that the host location is relative to the location where the OpenAPI document is being served. Variable substitutions will be made when a variable is named in `{`braces`}`. | -| description | `string` | An optional string describing the host designated by the URL. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| variables | Map[`string`, [Server Variable Object](#server-variable-object)] | A map between a variable name and its value. The value is used for substitution in the server's URL template. | +| Field Name | Type | Description | +| -------------------------------------------- | :--------------------------------------------------------------: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| url | `string` | **REQUIRED**. A URL to the target host. This URL supports Server Variables and MAY be relative, to indicate that the host location is relative to the location where the OpenAPI document is being served. Variable substitutions will be made when a variable is named in `{`braces`}`. | +| description | `string` | An optional string describing the host designated by the URL. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| variables | Map[`string`, [Server Variable Object](#server-variable-object)] | A map between a variable name and its value. The value is used for substitution in the server's URL template. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -476,11 +476,11 @@ An object representing a Server Variable for server URL template substitution. ##### Fixed Fields -| Field Name | Type | Description | -| --------------------------------------------------- | :--------: | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| enum | [`string`] | An enumeration of string values to be used if the substitution options are from a limited set. The array SHOULD NOT be empty. | +| Field Name | Type | Description | +| ----------------------------------------------------- | :--------: | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| enum | [`string`] | An enumeration of string values to be used if the substitution options are from a limited set. The array SHOULD NOT be empty. | | default | `string` | **REQUIRED**. The default value to use for substitution, which SHALL be sent if an alternate value is _not_ supplied. Note this behavior is different than the [Schema Object's](#schema-object) treatment of default values, because in those cases parameter values are optional. If the [`enum`](#server-variable-enum) is defined, the value SHOULD exist in the enum's values. | -| description | `string` | An optional description for the server variable. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| description | `string` | An optional description for the server variable. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -491,17 +491,17 @@ All objects defined within the Components Object will have no effect on the API ##### Fixed Fields -| Field Name | Type | Description | -| -------------------------------------------------------- | :----------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------- | -| schemas | Map[`string`, [Schema Object](#schema-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Schema Objects](#schema-object). | -| responses | Map[`string`, [Response Object](#response-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Response Objects](#response-object). | -| parameters | Map[`string`, [Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Parameter Objects](#parameter-object). | -| examples | Map[`string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Example Objects](#example-object). | -| requestBodies | Map[`string`, [Request Body Object](#request-body-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Request Body Objects](#request-body-object). | -| headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Header Objects](#header-object). | -| securitySchemes | Map[`string`, [Security Scheme Object](#security-scheme-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Security Scheme Objects](#security-scheme-object). | -| links | Map[`string`, [Link Object](#link-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Link Objects](#link-object). | -| callbacks | Map[`string`, [Callback Object](#callback-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Callback Objects](#callback-object). | +| Field Name | Type | Description | +| ------------------------------------------------------ | :-------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------ | +| schemas | Map[`string`, [Schema Object](#schema-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Schema Objects](#schema-object). | +| responses | Map[`string`, [Response Object](#response-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Response Objects](#response-object). | +| parameters | Map[`string`, [Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Parameter Objects](#parameter-object). | +| examples | Map[`string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Example Objects](#example-object). | +| requestBodies | Map[`string`, [Request Body Object](#request-body-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Request Body Objects](#request-body-object). | +| headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Header Objects](#header-object). | +| securitySchemes | Map[`string`, [Security Scheme Object](#security-scheme-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Security Scheme Objects](#security-scheme-object). | +| links | Map[`string`, [Link Object](#link-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Link Objects](#link-object). | +| callbacks | Map[`string`, [Callback Object](#callback-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Callback Objects](#callback-object). | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -698,8 +698,8 @@ The path is appended to the URL from the [Server Object](#server-object) in orde ##### Patterned Fields -| Field Pattern | Type | Description | -| ------------------------------- | :---------------------------------: | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Field Pattern | Type | Description | +| -------------------------------- | :-----------------------------------: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | /{path} | [Path Item Object](#path-item-object) | A relative path to an individual endpoint. The field name MUST begin with a forward slash (`/`). The path is **appended** (no relative URL resolution) to the expanded URL from the [Server Object](#server-object)'s `url` field in order to construct the full URL. [Path templating](#path-templating) is allowed. When matching URLs, concrete (non-templated) paths would be matched before their templated counterparts. Templated paths with the same hierarchy but different templated names MUST NOT exist as they are identical. In case of ambiguous matching, it's up to the tooling to decide which one to use. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -777,20 +777,20 @@ The path itself is still exposed to the documentation viewer but they will not k ##### Fixed Fields -| Field Name | Type | Description | -| --------------------------------------------- | :----------------------------------------------------------------------------: | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| $ref | `string` | Allows for a referenced definition of this path item. The value MUST be in the form of a URL, and the referenced structure MUST be in the form of a [Path Item Object](#path-item-object). In case a Path Item Object field appears both in the defined object and the referenced object, the behavior is undefined. See the rules for resolving [Relative References](#relative-references-in-urls). | -| summary | `string` | An optional string summary, intended to apply to all operations in this path. | -| description | `string` | An optional string description, intended to apply to all operations in this path. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| get | [Operation Object](#operation-object) | A definition of a GET operation on this path. | -| put | [Operation Object](#operation-object) | A definition of a PUT operation on this path. | -| post | [Operation Object](#operation-object) | A definition of a POST operation on this path. | -| delete | [Operation Object](#operation-object) | A definition of a DELETE operation on this path. | -| options | [Operation Object](#operation-object) | A definition of a OPTIONS operation on this path. | -| head | [Operation Object](#operation-object) | A definition of a HEAD operation on this path. | -| patch | [Operation Object](#operation-object) | A definition of a PATCH operation on this path. | -| trace | [Operation Object](#operation-object) | A definition of a TRACE operation on this path. | -| servers | [[Server Object](#server-object)] | An alternative `servers` array to service all operations in this path. If a `servers` array is specified at the [OpenAPI Object](#oas-servers) level, it will be overridden by this value. | +| Field Name | Type | Description | +| ----------------------------------------------- | :------------------------------------------------------------------------------: | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| $ref | `string` | Allows for a referenced definition of this path item. The value MUST be in the form of a URL, and the referenced structure MUST be in the form of a [Path Item Object](#path-item-object). In case a Path Item Object field appears both in the defined object and the referenced object, the behavior is undefined. See the rules for resolving [Relative References](#relative-references-in-urls). | +| summary | `string` | An optional string summary, intended to apply to all operations in this path. | +| description | `string` | An optional string description, intended to apply to all operations in this path. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| get | [Operation Object](#operation-object) | A definition of a GET operation on this path. | +| put | [Operation Object](#operation-object) | A definition of a PUT operation on this path. | +| post | [Operation Object](#operation-object) | A definition of a POST operation on this path. | +| delete | [Operation Object](#operation-object) | A definition of a DELETE operation on this path. | +| options | [Operation Object](#operation-object) | A definition of a OPTIONS operation on this path. | +| head | [Operation Object](#operation-object) | A definition of a HEAD operation on this path. | +| patch | [Operation Object](#operation-object) | A definition of a PATCH operation on this path. | +| trace | [Operation Object](#operation-object) | A definition of a TRACE operation on this path. | +| servers | [[Server Object](#server-object)] | An alternative `servers` array to service all operations in this path. If a `servers` array is specified at the [OpenAPI Object](#oas-servers) level, it will be overridden by this value. | | parameters | [[Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | A list of parameters that are applicable for all the operations described under this path. These parameters can be overridden at the operation level, but cannot be removed there. The list MUST NOT include duplicated parameters. A unique parameter is defined by a combination of a [name](#parameter-name) and [location](#parameter-in). The list can use the [Reference Object](#reference-object) to link to parameters that are defined in the [OpenAPI Object's `components.parameters`](#components-parameters). | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -885,20 +885,20 @@ Describes a single API operation on a path. ##### Fixed Fields -| Field Name | Type | Description | -| ------------------------------------------------ | :---------------------------------------------------------------------------------------: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| tags | [`string`] | A list of tags for API documentation control. Tags can be used for logical grouping of operations by resources or any other qualifier. | -| summary | `string` | A short summary of what the operation does. | -| description | `string` | A verbose explanation of the operation behavior. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this operation. | -| operationId | `string` | Unique string used to identify the operation. The id MUST be unique among all operations described in the API. The operationId value is **case-sensitive**. Tools and libraries MAY use the operationId to uniquely identify an operation, therefore, it is RECOMMENDED to follow common programming naming conventions. | -| parameters | [[Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | A list of parameters that are applicable for this operation. If a parameter is already defined in the [Path Item](#path-item-parameters), the new definition will override it but can never remove it. The list MUST NOT include duplicated parameters. A unique parameter is defined by a combination of a [name](#parameter-name) and [location](#parameter-in). The list can use the [Reference Object](#reference-object) to link to parameters that are defined in the [OpenAPI Object's `components.parameters`](#components-parameters). | -| requestBody | [Request Body Object](#request-body-object) \| [Reference Object](#reference-object) | The request body applicable for this operation. The `requestBody` is only supported in HTTP methods where the HTTP 1.1 specification [RFC7231](https://tools.ietf.org/html/rfc7231#section-4.3.1) has explicitly defined semantics for request bodies. In other cases where the HTTP spec is vague (such as [GET](https://tools.ietf.org/html/rfc7231#section-4.3.1), [HEAD](https://tools.ietf.org/html/rfc7231#section-4.3.2) and [DELETE](https://tools.ietf.org/html/rfc7231#section-4.3.5)), `requestBody` SHALL be ignored by consumers. | -| responses | [Responses Object](#responses-object) | **REQUIRED**. The list of possible responses as they are returned from executing this operation. | -| callbacks | Map[`string`, [Callback Object](#callback-object) \| [Reference Object](#reference-object)] | A map of possible out-of band callbacks related to the parent operation. The key is a unique identifier for the Callback Object. Each value in the map is a [Callback Object](#callback-object) that describes a request that may be initiated by the API provider and the expected responses. | -| deprecated | `boolean` | Declares this operation to be deprecated. Consumers SHOULD refrain from usage of the declared operation. Default value is `false`. | -| security | [[Security Requirement Object](#security-requirement-object)] | A declaration of which security mechanisms can be used for this operation. The list of values includes alternative Security Requirement Objects that can be used. Only one of the Security Requirement Objects need to be satisfied to authorize a request. To make security optional, an empty security requirement (`{}`) can be included in the array. This definition overrides any declared top-level [`security`](#oas-security). To remove a top-level security declaration, an empty array can be used. | -| servers | [[Server Object](#server-object)] | An alternative `servers` array to service this operation. If a `servers` array is specified at the [Path Item Object](#path-item-servers) or [OpenAPI Object](#oas-servers) level, it will be overridden by this value. | +| Field Name | Type | Description | +| -------------------------------------------------- | :-----------------------------------------------------------------------------------------: | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| tags | [`string`] | A list of tags for API documentation control. Tags can be used for logical grouping of operations by resources or any other qualifier. | +| summary | `string` | A short summary of what the operation does. | +| description | `string` | A verbose explanation of the operation behavior. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this operation. | +| operationId | `string` | Unique string used to identify the operation. The id MUST be unique among all operations described in the API. The operationId value is **case-sensitive**. Tools and libraries MAY use the operationId to uniquely identify an operation, therefore, it is RECOMMENDED to follow common programming naming conventions. | +| parameters | [[Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | A list of parameters that are applicable for this operation. If a parameter is already defined in the [Path Item](#path-item-parameters), the new definition will override it but can never remove it. The list MUST NOT include duplicated parameters. A unique parameter is defined by a combination of a [name](#parameter-name) and [location](#parameter-in). The list can use the [Reference Object](#reference-object) to link to parameters that are defined in the [OpenAPI Object's `components.parameters`](#components-parameters). | +| requestBody | [Request Body Object](#request-body-object) \| [Reference Object](#reference-object) | The request body applicable for this operation. The `requestBody` is only supported in HTTP methods where the HTTP 1.1 specification [RFC7231](https://tools.ietf.org/html/rfc7231#section-4.3.1) has explicitly defined semantics for request bodies. In other cases where the HTTP spec is vague (such as [GET](https://tools.ietf.org/html/rfc7231#section-4.3.1), [HEAD](https://tools.ietf.org/html/rfc7231#section-4.3.2) and [DELETE](https://tools.ietf.org/html/rfc7231#section-4.3.5)), `requestBody` SHALL be ignored by consumers. | +| responses | [Responses Object](#responses-object) | **REQUIRED**. The list of possible responses as they are returned from executing this operation. | +| callbacks | Map[`string`, [Callback Object](#callback-object) \| [Reference Object](#reference-object)] | A map of possible out-of band callbacks related to the parent operation. The key is a unique identifier for the Callback Object. Each value in the map is a [Callback Object](#callback-object) that describes a request that may be initiated by the API provider and the expected responses. | +| deprecated | `boolean` | Declares this operation to be deprecated. Consumers SHOULD refrain from usage of the declared operation. Default value is `false`. | +| security | [[Security Requirement Object](#security-requirement-object)] | A declaration of which security mechanisms can be used for this operation. The list of values includes alternative Security Requirement Objects that can be used. Only one of the Security Requirement Objects need to be satisfied to authorize a request. To make security optional, an empty security requirement (`{}`) can be included in the array. This definition overrides any declared top-level [`security`](#oas-security). To remove a top-level security declaration, an empty array can be used. | +| servers | [[Server Object](#server-object)] | An alternative `servers` array to service this operation. If a `servers` array is specified at the [Path Item Object](#path-item-servers) or [OpenAPI Object](#oas-servers) level, it will be overridden by this value. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -1013,8 +1013,8 @@ Allows referencing an external resource for extended documentation. ##### Fixed Fields -| Field Name | Type | Description | -| ------------------------------------------------ | :------: | -------------------------------------------------------------------------------------------------------------------------------------- | +| Field Name | Type | Description | +| -------------------------------------------------- | :------: | -------------------------------------------------------------------------------------------------------------------------------------- | | description | `string` | A description of the target documentation. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | url | `string` | **REQUIRED**. The URL for the target documentation. This MUST be in the form of a URL. | @@ -1061,13 +1061,13 @@ See [Appendix B](#appendix-b-data-type-conversion) for a discussion of convertin These fields MAY be used with either `content` or `schema`. -| Field Name | Type | Description | -| ------------------------------------------------------- | :-------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| name | `string` | **REQUIRED**. The name of the parameter. Parameter names are _case sensitive_.
  • If [`in`](#parameter-in) is `"path"`, the `name` field MUST correspond to a template expression occurring within the [path](#paths-path) field in the [Paths Object](#paths-object). See [Path Templating](#path-templating) for further information.
  • If [`in`](#parameter-in) is `"header"` and the `name` field is `"Accept"`, `"Content-Type"` or `"Authorization"`, the parameter definition SHALL be ignored.
  • For all other cases, the `name` corresponds to the parameter name used by the [`in`](#parameter-in) field.
| -| in | `string` | **REQUIRED**. The location of the parameter. Possible values are `"query"`, `"header"`, `"path"` or `"cookie"`. | -| description | `string` | A brief description of the parameter. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| required | `boolean` | Determines whether this parameter is mandatory. If the [parameter location](#parameter-in) is `"path"`, this field is **REQUIRED** and its value MUST be `true`. Otherwise, the field MAY be included and its default value is `false`. | -| deprecated | `boolean` | Specifies that a parameter is deprecated and SHOULD be transitioned out of usage. Default value is `false`. | +| Field Name | Type | Description | +| ---------------------------------------------------------- | :-------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| name | `string` | **REQUIRED**. The name of the parameter. Parameter names are _case sensitive_.
  • If [`in`](#parameter-in) is `"path"`, the `name` field MUST correspond to a template expression occurring within the [path](#paths-path) field in the [Paths Object](#paths-object). See [Path Templating](#path-templating) for further information.
  • If [`in`](#parameter-in) is `"header"` and the `name` field is `"Accept"`, `"Content-Type"` or `"Authorization"`, the parameter definition SHALL be ignored.
  • For all other cases, the `name` corresponds to the parameter name used by the [`in`](#parameter-in) field.
| +| in | `string` | **REQUIRED**. The location of the parameter. Possible values are `"query"`, `"header"`, `"path"` or `"cookie"`. | +| description | `string` | A brief description of the parameter. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| required | `boolean` | Determines whether this parameter is mandatory. If the [parameter location](#parameter-in) is `"path"`, this field is **REQUIRED** and its value MUST be `true`. Otherwise, the field MAY be included and its default value is `false`. | +| deprecated | `boolean` | Specifies that a parameter is deprecated and SHOULD be transitioned out of usage. Default value is `false`. | | allowEmptyValue | `boolean` | If `true`, clients MAY pass a zero-length string value in place of parameters that would otherwise be omitted entirely, which the server SHOULD interpret as the parameter being unused. Default value is `false`. If [`style`](#parameter-style) is used, and if [behavior is _n/a_ (cannot be serialized)](#style-examples), the value of `allowEmptyValue` SHALL be ignored. Interactions between this field and the parameter's [Schema Object](#schema-object) are implementation-defined. This field is valid only for `query` parameters. Use of this field is NOT RECOMMENDED, and it is likely to be removed in a later revision. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -1082,14 +1082,14 @@ The `example` and `examples` fields are mutually exclusive, and if either is pre Serializing with `schema` is NOT RECOMMENDED for `in: "cookie"` parameters, `in: "header"` parameters that use HTTP header parameters (name=value pairs following a `;`) in their values, or `in: "header"` parameters where values might have non-URL-safe characters; see [Appendix D](#appendix-d-serializing-headers-and-cookies) for details. -| Field Name | Type | Description | -| -------------------------------------------------- | :--------------------------------------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| style | `string` | Describes how the parameter value will be serialized depending on the type of the parameter value. Default values (based on value of `in`): for `"query"` - `"form"`; for `"path"` - `"simple"`; for `"header"` - `"simple"`; for `"cookie"` - `"form"`. | -| explode | `boolean` | When this is true, parameter values of type `array` or `object` generate separate parameters for each value of the array or key-value pair of the map. For other types of parameters this field has no effect. When [`style`](#parameter-style) is `"form"`, the default value is `true`. For all other styles, the default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. | -| allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#section-3.2.3), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#section-3.4) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#appendix-c-using-rfc6570-implementations) and [E](#appendix-e-percent-encoding-and-form-media-types) for details. This field only applies to parameters with an `in` value of `query`. The default value is `false`. | -| schema | [Schema Object](#schema-object) \| [Reference Object](#reference-object) | The schema defining the type used for the parameter. | -| example | Any | Example of the parameter's potential value; see [Working With Examples](#working-with-examples). | -| examples | Map[ `string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | Examples of the parameter's potential value; see [Working With Examples](#working-with-examples). | +| Field Name | Type | Description | +| ---------------------------------------------------- | :----------------------------------------------------------------------------------------: | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| style | `string` | Describes how the parameter value will be serialized depending on the type of the parameter value. Default values (based on value of `in`): for `"query"` - `"form"`; for `"path"` - `"simple"`; for `"header"` - `"simple"`; for `"cookie"` - `"form"`. | +| explode | `boolean` | When this is true, parameter values of type `array` or `object` generate separate parameters for each value of the array or key-value pair of the map. For other types of parameters this field has no effect. When [`style`](#parameter-style) is `"form"`, the default value is `true`. For all other styles, the default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. | +| allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#section-3.2.3), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#section-3.4) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#appendix-c-using-rfc6570-implementations) and [E](#appendix-e-percent-encoding-and-form-media-types) for details. This field only applies to parameters with an `in` value of `query`. The default value is `false`. | +| schema | [Schema Object](#schema-object) \| [Reference Object](#reference-object) | The schema defining the type used for the parameter. | +| example | Any | Example of the parameter's potential value; see [Working With Examples](#working-with-examples). | +| examples | Map[ `string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | Examples of the parameter's potential value; see [Working With Examples](#working-with-examples). | See also [Appendix C: Using RFC6570 Implementations](#appendix-c-using-rfc6570-implementations) for additional guidance. @@ -1098,15 +1098,15 @@ See also [Appendix C: Using RFC6570 Implementations](#appendix-c-using-rfc6570-i For more complex scenarios, the [`content`](#parameter-content) field can define the media type and schema of the parameter, as well as give examples of its use. Using `content` with a `text/plain` media type is RECOMMENDED for `in: "header"` and `in: "cookie"` parameters where the `schema` strategy is not appropriate. -| Field Name | Type | Description | -| -------------------------------------- | :--------------------------------------------------: | -------------------------------------------------------------------------------------------------------------------------------------------------- | +| Field Name | Type | Description | +| --------------------------------------- | :----------------------------------------------------: | -------------------------------------------------------------------------------------------------------------------------------------------------- | | content | Map[`string`, [Media Type Object](#media-type-object)] | A map containing the representations for the parameter. The key is the media type and the value describes it. The map MUST only contain one entry. | ##### Style Values In order to support common ways of serializing simple parameters, a set of `style` values are defined. -| `style` | [`type`](#data-types) | `in` | Comments | +| `style` | [`type`](#data-types) | `in` | Comments | | -------------- | ------------------------------ | ----------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | matrix | `primitive`, `array`, `object` | `path` | Path-style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.7) | | label | `primitive`, `array`, `object` | `path` | Label style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.5) | @@ -1137,22 +1137,22 @@ The following table shows examples, as would be shown with the `example` or `exa * Note that the `?` prefix is not appropriate for serializing `application/x-www-form-urlencoded` HTTP message bodies, and MUST be stripped or (if constructing the string manually) not added when used in that context; see the [Encoding Object](#encoding-object) for more information * The examples are percent-encoded as required by RFC6570 and RFC3986; see [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for a thorough discussion of percent-encoding concerns, including why unencoded `|` (`%7C`), `[` (`%5B`), and `]` (`%5D`) seem to work in some environments despite not being compliant. -| [`style`](#style-values) | `explode` | `undefined` | `string` | `array` | `object` | -| ----------------------- | --------- | ------------------------------------------------- | ----------------------------------------------------- | ----------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------- | -| matrix | false | ;color | ;color=blue | ;color=blue,black,brown | ;color=R,100,G,200,B,150 | -| matrix | true | ;color | ;color=blue | ;color=blue;color=black;color=brown | ;R=100;G=200;B=150 | -| label | false | . | .blue | .blue,black,brown | .R,100,G,200,B,150 | -| label | true | . | .blue | .blue.black.brown | .R=100.G=200.B=150 | -| simple | false | _empty_ | blue | blue,black,brown | R,100,G,200,B,150 | -| simple | true | _empty_ | blue | blue,black,brown | R=100,G=200,B=150 | -| form | false | ?color= | ?color=blue | ?color=blue,black,brown | ?color=R,100,G,200,B,150 | -| form | true | ?color= | ?color=blue | ?color=blue&color=black&color=brown | ?R=100&G=200&B=150 | -| spaceDelimited | false | _n/a_ | _n/a_ | ?color=blue%20black%20brown | ?color=R%20100%20G%20200%20B%20150 | -| spaceDelimited | true | _n/a_ | _n/a_ | _n/a_ | _n/a_ | -| pipeDelimited | false | _n/a_ | _n/a_ | ?color=blue%7Cblack%7Cbrown | ?color=R%7C100%7CG%7C200%7CB%7C150 | -| pipeDelimited | true | _n/a_ | _n/a_ | _n/a_ | _n/a_ | -| deepObject | false | _n/a_ | _n/a_ | _n/a_ | _n/a_ | -| deepObject | true | _n/a_ | _n/a_ | _n/a_ | ?color%5BR%5D=100&color%5BG%5D=200&color%5BB%5D=150 | +| [`style`](#style-values) | `explode` | `undefined` | `string` | `array` | `object` | +| ------------------------ | --------- | ------------------------------------------------- | ----------------------------------------------------- | ----------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------- | +| matrix | false | ;color | ;color=blue | ;color=blue,black,brown | ;color=R,100,G,200,B,150 | +| matrix | true | ;color | ;color=blue | ;color=blue;color=black;color=brown | ;R=100;G=200;B=150 | +| label | false | . | .blue | .blue,black,brown | .R,100,G,200,B,150 | +| label | true | . | .blue | .blue.black.brown | .R=100.G=200.B=150 | +| simple | false | _empty_ | blue | blue,black,brown | R,100,G,200,B,150 | +| simple | true | _empty_ | blue | blue,black,brown | R=100,G=200,B=150 | +| form | false | ?color= | ?color=blue | ?color=blue,black,brown | ?color=R,100,G,200,B,150 | +| form | true | ?color= | ?color=blue | ?color=blue&color=black&color=brown | ?R=100&G=200&B=150 | +| spaceDelimited | false | _n/a_ | _n/a_ | ?color=blue%20black%20brown | ?color=R%20100%20G%20200%20B%20150 | +| spaceDelimited | true | _n/a_ | _n/a_ | _n/a_ | _n/a_ | +| pipeDelimited | false | _n/a_ | _n/a_ | ?color=blue%7Cblack%7Cbrown | ?color=R%7C100%7CG%7C200%7CB%7C150 | +| pipeDelimited | true | _n/a_ | _n/a_ | _n/a_ | _n/a_ | +| deepObject | false | _n/a_ | _n/a_ | _n/a_ | _n/a_ | +| deepObject | true | _n/a_ | _n/a_ | _n/a_ | ?color%5BR%5D=100&color%5BG%5D=200&color%5BB%5D=150 | ##### Parameter Object Examples @@ -1317,11 +1317,11 @@ Describes a single request body. ##### Fixed Fields -| Field Name | Type | Description | -| ------------------------------------------------ | :--------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| description | `string` | A brief description of the request body. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| Field Name | Type | Description | +| -------------------------------------------------- | :----------------------------------------------------: | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| description | `string` | A brief description of the request body. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | content | Map[`string`, [Media Type Object](#media-type-object)] | **REQUIRED**. The content of the request body. The key is a media type or [media type range](https://tools.ietf.org/html/rfc7231#appendix-D) and the value describes it. For requests that match multiple keys, only the most specific key is applicable. e.g. `"text/plain"` overrides `"text/*"` | -| required | `boolean` | Determines if the request body is required in the request. Defaults to `false`. | +| required | `boolean` | Determines if the request body is required in the request. Defaults to `false`. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -1414,12 +1414,12 @@ See [Working With Examples](#working-with-examples) for further guidance regardi ##### Fixed Fields -| Field Name | Type | Description | -| ---------------------------------------- | :--------------------------------------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Field Name | Type | Description | +| ------------------------------------------ | :----------------------------------------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | schema | [Schema Object](#schema-object) \| [Reference Object](#reference-object) | The schema defining the content of the request, response, parameter, or header. | -| example | Any | Example of the media type; see [Working With Examples](#working-with-examples). | +| example | Any | Example of the media type; see [Working With Examples](#working-with-examples). | | examples | Map[ `string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | Examples of the media type; see [Working With Examples](#working-with-examples). | -| encoding | Map[`string`, [Encoding Object](#encoding-object)] | A map between a property name and its encoding information. The key, being the property name, MUST exist in the schema as a property. The `encoding` field SHALL only apply to [Request Body Objects](#request-body-object), and only when the media type is `multipart` or `application/x-www-form-urlencoded`. If no Encoding Object is provided for a property, the behavior is determined by the default values documented for the Encoding Object. | +| encoding | Map[`string`, [Encoding Object](#encoding-object)] | A map between a property name and its encoding information. The key, being the property name, MUST exist in the schema as a property. The `encoding` field SHALL only apply to [Request Body Objects](#request-body-object), and only when the media type is `multipart` or `application/x-www-form-urlencoded`. If no Encoding Object is provided for a property, the behavior is determined by the default values documented for the Encoding Object. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -1553,10 +1553,10 @@ See [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for a detail These fields MAY be used either with or without the RFC6570-style serialization fields defined in the next section below. -| Field Name | Type | Description | -| --------------------------------------------- | :-----------------------------------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| contentType | `string` | The `Content-Type` for encoding a specific property. The value is a comma-separated list, each element of which is either a specific media type (e.g. `image/png`) or a wildcard media type (e.g. `image/*`). Default value depends on the property type as shown in the table below. | -| headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | A map allowing additional information to be provided as headers. `Content-Type` is described separately and SHALL be ignored in this section. This field SHALL be ignored if the request body media type is not a `multipart`. | +| Field Name | Type | Description | +| ----------------------------------------------- | :-------------------------------------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| contentType | `string` | The `Content-Type` for encoding a specific property. The value is a comma-separated list, each element of which is either a specific media type (e.g. `image/png`) or a wildcard media type (e.g. `image/*`). Default value depends on the property type as shown in the table below. | +| headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | A map allowing additional information to be provided as headers. `Content-Type` is described separately and SHALL be ignored in this section. This field SHALL be ignored if the request body media type is not a `multipart`. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -1576,10 +1576,10 @@ See [Appendix B](#appendix-b-data-type-conversion) for a discussion of data type ###### Fixed Fields for RFC6570-style Serialization -| Field Name | Type | Description | -| ------------------------------------------------- | :-------: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| style | `string` | Describes how a specific property value will be serialized depending on its type. See [Parameter Object](#parameter-object) for details on the [`style`](#parameter-style) field. The behavior follows the same values as `query` parameters, including default values. Note that the initial `?` used in query strings is not used in `application/x-www-form-urlencoded` message bodies, and MUST be removed (if using an RFC6570 implementation) or simply not added (if constructing the string manually). This field SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. | -| explode | `boolean` | When this is true, property values of type `array` or `object` generate separate parameters for each value of the array, or key-value-pair of the map. For other types of properties this field has no effect. When [`style`](#encoding-style) is `"form"`, the default value is `true`. For all other styles, the default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. This field SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. | +| Field Name | Type | Description | +| --------------------------------------------------- | :-------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| style | `string` | Describes how a specific property value will be serialized depending on its type. See [Parameter Object](#parameter-object) for details on the [`style`](#parameter-style) field. The behavior follows the same values as `query` parameters, including default values. Note that the initial `?` used in query strings is not used in `application/x-www-form-urlencoded` message bodies, and MUST be removed (if using an RFC6570 implementation) or simply not added (if constructing the string manually). This field SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. | +| explode | `boolean` | When this is true, property values of type `array` or `object` generate separate parameters for each value of the array, or key-value-pair of the map. For other types of properties this field has no effect. When [`style`](#encoding-style) is `"form"`, the default value is `true`. For all other styles, the default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. This field SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. | | allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#section-3.2.3), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#section-3.4) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#appendix-c-using-rfc6570-implementations) and [E](#appendix-e-percent-encoding-and-form-media-types) for details. The default value is `false`. This field SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. | See also [Appendix C: Using RFC6570 Implementations](#appendix-c-using-rfc6570-implementations) for additional guidance. @@ -1814,14 +1814,14 @@ call. ##### Fixed Fields -| Field Name | Type | Description | -| -------------------------------------- | :------------------------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Field Name | Type | Description | +| --------------------------------------- | :--------------------------------------------------------------------------: | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | default | [Response Object](#response-object) \| [Reference Object](#reference-object) | The documentation of responses other than the ones declared for specific HTTP response codes. Use this field to cover undeclared responses. A [Reference Object](#reference-object) can link to a response that the [OpenAPI Object's `components.responses`](#components-responses) section defines. | ##### Patterned Fields -| Field Pattern | Type | Description | -| ---------------------------------------------------------- | :------------------------------------------------------------------------: | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Field Pattern | Type | Description | +| ------------------------------------------------------------------- | :--------------------------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | [HTTP Status Code](#http-status-codes) | [Response Object](#response-object) \| [Reference Object](#reference-object) | Any [HTTP status code](#http-status-codes) can be used as the property name, but only one property per code, to describe the expected response for that HTTP status code. A [Reference Object](#reference-object) can link to a response that is defined in the [OpenAPI Object's `components.responses`](#components-responses) section. This field MUST be enclosed in quotation marks (for example, "200") for compatibility between JSON and YAML. To define a range of response codes, this field MAY contain the uppercase wildcard character `X`. For example, `2XX` represents all response codes between `200` and `299`. Only the following range definitions are allowed: `1XX`, `2XX`, `3XX`, `4XX`, and `5XX`. If a response is defined using an explicit code, the explicit code definition takes precedence over the range definition for that code. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -1877,12 +1877,12 @@ Describes a single response from an API operation, including design-time, static ##### Fixed Fields -| Field Name | Type | Description | -| --------------------------------------------- | :-----------------------------------------------------------------------------------: | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| description | `string` | **REQUIRED**. A description of the response. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | Maps a header name to its definition. [RFC7230](https://tools.ietf.org/html/rfc7230#section-3.2) states header names are case insensitive. If a response header is defined with the name `"Content-Type"`, it SHALL be ignored. | +| Field Name | Type | Description | +| ---------------------------------------------- | :-------------------------------------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| description | `string` | **REQUIRED**. A description of the response. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | Maps a header name to its definition. [RFC7230](https://tools.ietf.org/html/rfc7230#section-3.2) states header names are case insensitive. If a response header is defined with the name `"Content-Type"`, it SHALL be ignored. | | content | Map[`string`, [Media Type Object](#media-type-object)] | A map containing descriptions of potential response payloads. The key is a media type or [media type range](https://tools.ietf.org/html/rfc7231#appendix-D) and the value describes it. For responses that match multiple keys, only the most specific key is applicable. e.g. `"text/plain"` overrides `"text/*"` | -| links | Map[`string`, [Link Object](#link-object) \| [Reference Object](#reference-object)] | A map of operations links that can be followed from the response. The key of the map is a short name for the link, following the naming constraints of the names for [Component Objects](#components-object). | +| links | Map[`string`, [Link Object](#link-object) \| [Reference Object](#reference-object)] | A map of operations links that can be followed from the response. The key of the map is a short name for the link, following the naming constraints of the names for [Component Objects](#components-object). | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -2017,8 +2017,8 @@ The key value used to identify the Path Item Object is an expression, evaluated ##### Patterned Fields -| Field Pattern | Type | Description | -| --------------------------------------------- | :---------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Field Pattern | Type | Description | +| ---------------------------------------------- | :-----------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------- | | {expression} | [Path Item Object](#path-item-object) | A Path Item Object used to define a callback request and expected responses. A [complete example](../examples/v3.0/callback-example.yaml) is available. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -2057,13 +2057,13 @@ Location: https://example.org/subscription/1 The following examples show how the various expressions evaluate, assuming the callback operation has a path parameter named `eventType` and a query parameter named `queryUrl`. -| Expression | Value | -| ---------------------------- | :----------------------------------------------------------------------------------- | +| Expression | Value | +| ---------------------------- | :------------------------------------------------------------------------------------- | | $url | | -| $method | POST | -| $request.path.eventType | myevent | +| $method | POST | +| $request.path.eventType | myevent | | $request.query.queryUrl | | -| $request.header.content-type | application/json | +| $request.header.content-type | application/json | | $request.body#/failedUrl | | | $request.body#/successUrls/1 | | | $response.header.Location | | @@ -2113,11 +2113,11 @@ Examples allow demonstration of the usage of properties, parameters and objects ##### Fixed Fields -| Field Name | Type | Description | -| ------------------------------------------------ | :------: | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| summary | `string` | Short description for the example. | -| description | `string` | Long description for the example. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| value | Any | Embedded literal example. The `value` field and `externalValue` field are mutually exclusive. To represent examples of media types that cannot naturally represented in JSON or YAML, use a string value to contain the example, escaping where necessary. | +| Field Name | Type | Description | +| -------------------------------------------------- | :------: | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| summary | `string` | Short description for the example. | +| description | `string` | Long description for the example. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| value | Any | Embedded literal example. The `value` field and `externalValue` field are mutually exclusive. To represent examples of media types that cannot naturally represented in JSON or YAML, use a string value to contain the example, escaping where necessary. | | externalValue | `string` | A URL that points to the literal example. This provides the capability to reference examples that cannot easily be included in JSON or YAML documents. The `value` field and `externalValue` field are mutually exclusive. See the rules for resolving [Relative References](#relative-references-in-urls). | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -2289,14 +2289,14 @@ For computing links and providing instructions to execute them, a [runtime expre ##### Fixed Fields -| Field Name | Type | Description | -| ------------------------------------------- | :------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| operationRef | `string` | A relative or absolute URI reference to an OAS operation. This field is mutually exclusive of the `operationId` field, and MUST point to an [Operation Object](#operation-object). Relative `operationRef` values MAY be used to locate an existing [Operation Object](#operation-object) in the OpenAPI description. | -| operationId | `string` | The name of an _existing_, resolvable OAS operation, as defined with a unique `operationId`. This field is mutually exclusive of the `operationRef` field. | -| parameters | Map[`string`, Any \| [{expression}](#runtime-expressions)] | A map representing parameters to pass to an operation as specified with `operationId` or identified via `operationRef`. The key is the parameter name to be used (optionally qualified with the parameter location, e.g. `path.id` for an `id` parameter in the path), whereas the value can be a constant or an expression to be evaluated and passed to the linked operation. | -| requestBody | Any \| [{expression}](#runtime-expressions) | A literal value or [{expression}](#runtime-expressions) to use as a request body when calling the target operation. | -| description | `string` | A description of the link. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| server | [Server Object](#server-object) | A server object to be used by the target operation. | +| Field Name | Type | Description | +| --------------------------------------------- | :--------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| operationRef | `string` | A relative or absolute URI reference to an OAS operation. This field is mutually exclusive of the `operationId` field, and MUST point to an [Operation Object](#operation-object). Relative `operationRef` values MAY be used to locate an existing [Operation Object](#operation-object) in the OpenAPI description. | +| operationId | `string` | The name of an _existing_, resolvable OAS operation, as defined with a unique `operationId`. This field is mutually exclusive of the `operationRef` field. | +| parameters | Map[`string`, Any \| [{expression}](#runtime-expressions)] | A map representing parameters to pass to an operation as specified with `operationId` or identified via `operationRef`. The key is the parameter name to be used (optionally qualified with the parameter location, e.g. `path.id` for an `id` parameter in the path), whereas the value can be a constant or an expression to be evaluated and passed to the linked operation. | +| requestBody | Any \| [{expression}](#runtime-expressions) | A literal value or [{expression}](#runtime-expressions) to use as a request body when calling the target operation. | +| description | `string` | A description of the link. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| server | [Server Object](#server-object) | A server object to be used by the target operation. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -2440,10 +2440,10 @@ The table below provides examples of runtime expressions and examples of their u | Source Location | example expression | notes | | --------------------- | :------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------- | | HTTP Method | `$method` | The allowable values for the `$method` will be those for the HTTP operation. | -| Requested media type | `$request.header.accept` | | +| Requested media type | `$request.header.accept` | | | Request parameter | `$request.path.id` | Request parameters MUST be declared in the `parameters` section of the parent operation or they cannot be evaluated. This includes request headers. | | Request body property | `$request.body#/user/uuid` | In operations which accept payloads, references may be made to portions of the `requestBody` or the entire body. | -| Request URL | `$url` | | +| Request URL | `$url` | | | Response value | `$response.body#/status` | In operations which return payloads, references may be made to portions of the response body or the entire body. | | Response header | `$response.header.Server` | Single header values only are available | @@ -2466,8 +2466,8 @@ The Header Object follows the structure of the [Parameter Object](#parameter-obj These fields MAY be used with either `content` or `schema`. -| Field Name | Type | Description | -| ------------------------------------------- | :-------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Field Name | Type | Description | +| -------------------------------------------- | :-------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | description | `string` | A brief description of the header. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | required | `boolean` | Determines whether this header is mandatory. The default value is `false`. | | deprecated | `boolean` | Specifies that the header is deprecated and SHOULD be transitioned out of usage. Default value is `false`. | @@ -2484,13 +2484,13 @@ Serializing with `schema` is NOT RECOMMENDED for headers with parameters (name=v When `example` or `examples` are provided in conjunction with the `schema` field, the example SHOULD match the specified schema and follow the prescribed serialization strategy for the header. The `example` and `examples` fields are mutually exclusive, and if either is present it SHALL _override_ any `example` in the schema. -| Field Name | Type | Description | -| ------------------------------------- | :--------------------------------------------------------------------------------------: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| style | `string` | Describes how the header value will be serialized. The default (and only legal value for headers) is `"simple"`. | -| explode | `boolean` | When this is true, header values of type `array` or `object` generate a single header whose value is a comma-separated list of the array items or key-value pairs of the map, see [Style Examples](#style-examples). For other data types this field has no effect. The default value is `false`. | -| schema | [Schema Object](#schema-object) \| [Reference Object](#reference-object) | The schema defining the type used for the header. | -| example | Any | Example of the header's potential value; see [Working With Examples](#working-with-examples). | -| examples | Map[ `string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | Examples of the header's potential value; see [Working With Examples](#working-with-examples). | +| Field Name | Type | Description | +| -------------------------------------- | :----------------------------------------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| style | `string` | Describes how the header value will be serialized. The default (and only legal value for headers) is `"simple"`. | +| explode | `boolean` | When this is true, header values of type `array` or `object` generate a single header whose value is a comma-separated list of the array items or key-value pairs of the map, see [Style Examples](#style-examples). For other data types this field has no effect. The default value is `false`. | +| schema | [Schema Object](#schema-object) \| [Reference Object](#reference-object) | The schema defining the type used for the header. | +| example | Any | Example of the header's potential value; see [Working With Examples](#working-with-examples). | +| examples | Map[ `string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | Examples of the header's potential value; see [Working With Examples](#working-with-examples). | See also [Appendix C: Using RFC6570 Implementations](#appendix-c-using-rfc6570-implementations) for additional guidance. @@ -2499,8 +2499,8 @@ See also [Appendix C: Using RFC6570 Implementations](#appendix-c-using-rfc6570-i For more complex scenarios, the [`content`](#header-content) field can define the media type and schema of the header, as well as give examples of its use. Using `content` with a `text/plain` media type is RECOMMENDED for headers where the `schema` strategy is not appropriate. -| Field Name | Type | Description | -| ----------------------------------- | :--------------------------------------------------: | ----------------------------------------------------------------------------------------------------------------------------------------------- | +| Field Name | Type | Description | +| ------------------------------------ | :----------------------------------------------------: | ----------------------------------------------------------------------------------------------------------------------------------------------- | | content | Map[`string`, [Media Type Object](#media-type-object)] | A map containing the representations for the header. The key is the media type and the value describes it. The map MUST only contain one entry. | ##### Header Object Example @@ -2556,10 +2556,10 @@ It is not mandatory to have a Tag Object per tag defined in the Operation Object ##### Fixed Fields -| Field Name | Type | Description | -| ------------------------------------------ | :-----------------------------------------------------------: | ---------------------------------------------------------------------------------------------------------------------- | -| name | `string` | **REQUIRED**. The name of the tag. | -| description | `string` | A description for the tag. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| Field Name | Type | Description | +| -------------------------------------------- | :-------------------------------------------------------------: | ---------------------------------------------------------------------------------------------------------------------- | +| name | `string` | **REQUIRED**. The name of the tag. | +| description | `string` | A description for the tag. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this tag. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -2588,8 +2588,8 @@ For this specification, reference resolution is accomplished as defined by the J ##### Fixed Fields -| Field Name | Type | Description | -| ------------------------------- | :------: | ----------------------------------- | +| Field Name | Type | Description | +| -------------------------------- | :------: | ----------------------------------- | | $ref | `string` | **REQUIRED**. The reference string. | This object cannot be extended with additional properties, and any properties added SHALL be ignored. @@ -2682,16 +2682,16 @@ Other than the JSON Schema subset fields, the following fields MAY be used for f ##### Fixed Fields -| Field Name | Type | Description | -| ----------------------------------------------- | :-----------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| nullable | `boolean` | This keyword only takes effect if `type` is explicitly defined within the same Schema Object. A `true` value indicates that both `null` values and values of the type specified by `type` are allowed. Other Schema Object constraints retain their defined behavior, and therefore may disallow the use of `null` as a value. A `false` value leaves the specified or default `type` unmodified. The default value is `false`. | -| discriminator | [Discriminator Object](#discriminator-object) | Adds support for polymorphism. The discriminator is used to determine which of a set of schemas a payload is expected to satisfy. See [Composition and Inheritance](#composition-and-inheritance-polymorphism) for more details. | -| readOnly | `boolean` | Relevant only for Schema Object `properties` definitions. Declares the property as "read only". This means that it MAY be sent as part of a response but SHOULD NOT be sent as part of the request. If the property is marked as `readOnly` being `true` and is in the `required` list, the `required` will take effect on the response only. A property MUST NOT be marked as both `readOnly` and `writeOnly` being `true`. Default value is `false`. | -| writeOnly | `boolean` | Relevant only for Schema Object `properties` definitions. Declares the property as "write only". Therefore, it MAY be sent as part of a request but SHOULD NOT be sent as part of the response. If the property is marked as `writeOnly` being `true` and is in the `required` list, the `required` will take effect on the request only. A property MUST NOT be marked as both `readOnly` and `writeOnly` being `true`. Default value is `false`. | -| xml | [XML Object](#xml-object) | This MAY be used only on property schemas. It has no effect on root schemas. Adds additional metadata to describe the XML representation of this property. | -| externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this schema. | -| example | Any | A free-form field to include an example of an instance for this schema. To represent examples that cannot be naturally represented in JSON or YAML, a string value can be used to contain the example with escaping where necessary. | -| deprecated | `boolean` | Specifies that a schema is deprecated and SHOULD be transitioned out of usage. Default value is `false`. | +| Field Name | Type | Description | +| ------------------------------------------------ | :-------------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| nullable | `boolean` | This keyword only takes effect if `type` is explicitly defined within the same Schema Object. A `true` value indicates that both `null` values and values of the type specified by `type` are allowed. Other Schema Object constraints retain their defined behavior, and therefore may disallow the use of `null` as a value. A `false` value leaves the specified or default `type` unmodified. The default value is `false`. | +| discriminator | [Discriminator Object](#discriminator-object) | Adds support for polymorphism. The discriminator is used to determine which of a set of schemas a payload is expected to satisfy. See [Composition and Inheritance](#composition-and-inheritance-polymorphism) for more details. | +| readOnly | `boolean` | Relevant only for Schema Object `properties` definitions. Declares the property as "read only". This means that it MAY be sent as part of a response but SHOULD NOT be sent as part of the request. If the property is marked as `readOnly` being `true` and is in the `required` list, the `required` will take effect on the response only. A property MUST NOT be marked as both `readOnly` and `writeOnly` being `true`. Default value is `false`. | +| writeOnly | `boolean` | Relevant only for Schema Object `properties` definitions. Declares the property as "write only". Therefore, it MAY be sent as part of a request but SHOULD NOT be sent as part of the response. If the property is marked as `writeOnly` being `true` and is in the `required` list, the `required` will take effect on the request only. A property MUST NOT be marked as both `readOnly` and `writeOnly` being `true`. Default value is `false`. | +| xml | [XML Object](#xml-object) | This MAY be used only on property schemas. It has no effect on root schemas. Adds additional metadata to describe the XML representation of this property. | +| externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this schema. | +| example | Any | A free-form field to include an example of an instance for this schema. To represent examples that cannot be naturally represented in JSON or YAML, a string value can be used to contain the example with escaping where necessary. | +| deprecated | `boolean` | Specifies that a schema is deprecated and SHOULD be transitioned out of usage. Default value is `false`. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -3031,8 +3031,8 @@ Note that `discriminator` MUST NOT change the validation outcome of the schema. ##### Fixed Fields -| Field Name | Type | Description | -| ------------------------------------------- | :---------------------: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Field Name | Type | Description | +| -------------------------------------------- | :---------------------: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | propertyName | `string` | **REQUIRED**. The name of the property in the payload that will hold the discriminating value. This property SHOULD be required in the payload schema, as the behavior when the property is absent is undefined. | | mapping | Map[`string`, `string`] | An object to hold mappings between payload values and schema names or URI references. | @@ -3190,13 +3190,13 @@ See examples for expected behavior. ##### Fixed Fields -| Field Name | Type | Description | -| ------------------------------------ | :-------: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Field Name | Type | Description | +| ------------------------------------- | :-------: | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | name | `string` | Replaces the name of the element/attribute used for the described schema property. When defined within `items`, it will affect the name of the individual XML elements within the list. When defined alongside `type` being `"array"` (outside the `items`), it will affect the wrapping element if and only if `wrapped` is `true`. If `wrapped` is `false`, it will be ignored. | -| namespace | `string` | The URI of the namespace definition. Value MUST be in the form of a non-relative URI. | -| prefix | `string` | The prefix to be used for the [name](#xml-name). | -| attribute | `boolean` | Declares whether the property definition translates to an attribute instead of an element. Default value is `false`. | -| wrapped | `boolean` | MAY be used only for an array definition. Signifies whether the array is wrapped (for example, ``) or unwrapped (``). Default value is `false`. The definition takes effect only when defined alongside `type` being `"array"` (outside the `items`). | +| namespace | `string` | The URI of the namespace definition. Value MUST be in the form of a non-relative URI. | +| prefix | `string` | The prefix to be used for the [name](#xml-name). | +| attribute | `boolean` | Declares whether the property definition translates to an attribute instead of an element. Default value is `false`. | +| wrapped | `boolean` | MAY be used only for an array definition. Signifies whether the array is wrapped (for example, ``) or unwrapped (``). Default value is `false`. The definition takes effect only when defined alongside `type` being `"array"` (outside the `items`). | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -3550,16 +3550,16 @@ Please note that as of 2020, the implicit flow is about to be deprecated by [OAu ##### Fixed Fields -| Field Name | Type | Applies To | Description | -| ------------------------------------------------------------- | :-------------------------------------: | ------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| type | `string` | Any | **REQUIRED**. The type of the security scheme. Valid values are `"apiKey"`, `"http"`, `"oauth2"`, `"openIdConnect"`. | -| description | `string` | Any | A description for security scheme. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| name | `string` | `apiKey` | **REQUIRED**. The name of the header, query or cookie parameter to be used. | -| in | `string` | `apiKey` | **REQUIRED**. The location of the API key. Valid values are `"query"`, `"header"`, or `"cookie"`. | -| scheme | `string` | `http` | **REQUIRED**. The name of the HTTP Authentication scheme to be used in the [Authorization header as defined in RFC7235](https://tools.ietf.org/html/rfc7235#section-5.1). The values used SHOULD be registered in the [IANA Authentication Scheme registry](https://www.iana.org/assignments/http-authschemes/http-authschemes.xhtml). The value is case-insensitive, as defined in [RFC7235](https://datatracker.ietf.org/doc/html/rfc7235#section-2.1). | -| bearerFormat | `string` | `http` (`"bearer"`) | A hint to the client to identify how the bearer token is formatted. Bearer tokens are usually generated by an authorization server, so this information is primarily for documentation purposes. | -| flows | [OAuth Flows Object](#oauth-flows-object) | `oauth2` | **REQUIRED**. An object containing configuration information for the flow types supported. | -| openIdConnectUrl | `string` | `openIdConnect` | **REQUIRED**. [Well-known URL](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig) to discover the [[OpenID-Connect-Discovery]] [provider metadata](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata). | +| Field Name | Type | Applies To | Description | +| ------------------------------------------------------------------ | :---------------------------------------: | ------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| type | `string` | Any | **REQUIRED**. The type of the security scheme. Valid values are `"apiKey"`, `"http"`, `"oauth2"`, `"openIdConnect"`. | +| description | `string` | Any | A description for security scheme. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| name | `string` | `apiKey` | **REQUIRED**. The name of the header, query or cookie parameter to be used. | +| in | `string` | `apiKey` | **REQUIRED**. The location of the API key. Valid values are `"query"`, `"header"`, or `"cookie"`. | +| scheme | `string` | `http` | **REQUIRED**. The name of the HTTP Authentication scheme to be used in the [Authorization header as defined in RFC7235](https://tools.ietf.org/html/rfc7235#section-5.1). The values used SHOULD be registered in the [IANA Authentication Scheme registry](https://www.iana.org/assignments/http-authschemes/http-authschemes.xhtml). The value is case-insensitive, as defined in [RFC7235](https://datatracker.ietf.org/doc/html/rfc7235#section-2.1). | +| bearerFormat | `string` | `http` (`"bearer"`) | A hint to the client to identify how the bearer token is formatted. Bearer tokens are usually generated by an authorization server, so this information is primarily for documentation purposes. | +| flows | [OAuth Flows Object](#oauth-flows-object) | `oauth2` | **REQUIRED**. An object containing configuration information for the flow types supported. | +| openIdConnectUrl | `string` | `openIdConnect` | **REQUIRED**. [Well-known URL](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig) to discover the [[OpenID-Connect-Discovery]] [provider metadata](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata). | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -3644,10 +3644,10 @@ Allows configuration of the supported OAuth Flows. ##### Fixed Fields -| Field Name | Type | Description | -| ----------------------------------------------------------- | :-----------------------------------: | ---------------------------------------------------------------------------------------------------- | -| implicit | [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Implicit flow | -| password | [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Resource Owner Password flow | +| Field Name | Type | Description | +| -------------------------------------------------------------- | :-------------------------------------: | ---------------------------------------------------------------------------------------------------- | +| implicit | [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Implicit flow | +| password | [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Resource Owner Password flow | | clientCredentials | [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Client Credentials flow. Previously called `application` in OpenAPI 2.0. | | authorizationCode | [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Authorization Code flow. Previously called `accessCode` in OpenAPI 2.0. | @@ -3659,12 +3659,12 @@ Configuration details for a supported OAuth Flow ##### Fixed Fields -| Field Name | Type | Applies To | Description | -| -------------------------------------------------------- | :---------------------: | --------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------- | +| Field Name | Type | Applies To | Description | +| ----------------------------------------------------------- | :---------------------: | --------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------- | | authorizationUrl | `string` | `oauth2` (`"implicit"`, `"authorizationCode"`) | **REQUIRED**. The authorization URL to be used for this flow. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. | | tokenUrl | `string` | `oauth2` (`"password"`, `"clientCredentials"`, `"authorizationCode"`) | **REQUIRED**. The token URL to be used for this flow. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. | | refreshUrl | `string` | `oauth2` | The URL to be used for obtaining refresh tokens. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. | -| scopes | Map[`string`, `string`] | `oauth2` | **REQUIRED**. The available scopes for the OAuth2 security scheme. A map between the scope name and a short description for it. The map MAY be empty. | +| scopes | Map[`string`, `string`] | `oauth2` | **REQUIRED**. The available scopes for the OAuth2 security scheme. A map between the scope name and a short description for it. The map MAY be empty. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -3721,8 +3721,8 @@ When a list of Security Requirement Objects is defined on the [OpenAPI Object](# ##### Patterned Fields -| Field Pattern | Type | Description | -| --------------------------------------------- | :--------: | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Field Pattern | Type | Description | +| ----------------------------------------------- | :--------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | {name} | [`string`] | Each name MUST correspond to a security scheme which is declared in the [Security Schemes](#security-scheme-object) under the [Components Object](#components-object). If the security scheme is of type `"oauth2"` or `"openIdConnect"`, then the value is a list of scope names required for the execution, and the list MAY be empty if authorization does not require a specified scope. For other security scheme types, the array MUST be empty. | ##### Security Requirement Object Examples @@ -3878,8 +3878,8 @@ While the OpenAPI Specification tries to accommodate most use cases, additional The extensions properties are implemented as patterned fields that are always prefixed by `x-`. -| Field Pattern | Type | Description | -| -------------------------------- | :--: | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Field Pattern | Type | Description | +| --------------------------------- | :--: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | ^x- | Any | Allows extensions to the OpenAPI Schema. The field name MUST begin with `x-`, for example, `x-internal-id`. The value can be any valid JSON value (`null`, a primitive, an array, or an object.) | The OpenAPI Initiative maintains several [[OpenAPI-Registry|extension registries]], including registries for [individual extension keywords](https://spec.openapis.org/registry/extension/) and [extension keyword namespaces](https://spec.openapis.org/registry/namespace/). @@ -3978,8 +3978,8 @@ Requiring input as pre-formatted, schema-validated strings also improves round-t Serialization is defined in terms of [RFC6570](https://www.rfc-editor.org/rfc/rfc6570) URI Templates in two scenarios: -| Object | Condition | -| ------------------------------------ | ---------------------------------------------------------------------------------------------------------------- | +| Object | Condition | +| ------------------------------------- | ---------------------------------------------------------------------------------------------------------------- | | [Parameter Object](#parameter-object) | When `schema` is present | | [Encoding Object](#encoding-object) | When encoding for `application/x-www-form-urlencoded` and any of `style`, `explode`, or `allowReserved` are used | From 5382de7d3af27f00dfb0f863df92448a888b5c8a Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Mon, 26 Aug 2024 15:13:27 +0200 Subject: [PATCH 213/251] format-markdown with compact tables --- package.json | 2 +- versions/3.0.4.md | 624 +++++++++++++++++++++++----------------------- 2 files changed, 313 insertions(+), 313 deletions(-) diff --git a/package.json b/package.json index 7e427cdee4..34b87570b3 100644 --- a/package.json +++ b/package.json @@ -27,6 +27,6 @@ "API" ], "scripts": { - "format-markdown": "npx prettier --write --single-quote versions/3.0.4.md && npx --yes markdownlint-cli --fix --config .markdownlint.yaml versions/3.0.4.md" + "format-markdown": "npx prettier --write --single-quote versions/3.0.4.md && sed -i '' -E -e 's/ +\\|/ |/g' -e 's/\\| +/| /g' -e 's/-----+/----/g' versions/3.0.4.md && npx --yes markdownlint-cli --fix --config .markdownlint.yaml versions/3.0.4.md" } } diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 2137cfd46b..7b30baabf2 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -139,12 +139,12 @@ Several features of this specification require resolution of non-URI-based conne These connections are unambiguously resolved in single-document OADs, but the resolution process in multi-document OADs is _implementation-defined_, within the constraints described in this section. In some cases, an unambiguous URI-based alternative is available, and OAD authors are RECOMMENDED to always use the alternative: -| Source | Target | Alternative | -| --------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------- | --------------------------------- | -| [Security Requirement Object](#security-requirement-object) `{name}` | [Security Scheme Object](#security-scheme-object) name under the [Components Object](#components-object) | _n/a_ | -| [Discriminator Object](#discriminator-object) `mapping` _(implicit, or explicit name syntax)_ | [Schema Object](#schema-object) name under the Components Object | `mapping` _(explicit URI syntax)_ | -| [Operation Object](#operation-object) `tags` | [Tag Object](#tag-object) `name` (in the [OpenAPI Object](#openapi-object)'s `tags` array) | _n/a_ | -| [Link Object](#link-object) `operationId` | [Path Item Object](#path-item-object) `operationId` | `operationRef` | +| Source | Target | Alternative | +| ---- | ---- | ---- | +| [Security Requirement Object](#security-requirement-object) `{name}` | [Security Scheme Object](#security-scheme-object) name under the [Components Object](#components-object) | _n/a_ | +| [Discriminator Object](#discriminator-object) `mapping` _(implicit, or explicit name syntax)_ | [Schema Object](#schema-object) name under the Components Object | `mapping` _(explicit URI syntax)_ | +| [Operation Object](#operation-object) `tags` | [Tag Object](#tag-object) `name` (in the [OpenAPI Object](#openapi-object)'s `tags` array) | _n/a_ | +| [Link Object](#link-object) `operationId` | [Path Item Object](#path-item-object) `operationId` | `operationRef` | A fifth implicit connection involves appending the templated URL paths of the [Paths Object](#paths-object) to the appropriate [Server Object](#server-object)'s `url` field. This is unambiguous because only the entry document's Paths Object contributes URLs to the described API. @@ -187,17 +187,17 @@ Types that are not accompanied by a `format` keyword follow the type definition The formats defined by the OAS are: -| [`type`](#data-types) | [`format`](#data-type-format) | Comments | -| --------------------- | ----------------------------- | ----------------------------------------------------------------------------------------- | -| `integer` | `int32` | signed 32 bits | -| `integer` | `int64` | signed 64 bits (a.k.a long) | -| `number` | `float` | | -| `number` | `double` | | -| `string` | `byte` | base64 encoded characters - [RFC4648](https://www.rfc-editor.org/rfc/rfc4648#section-4) | -| `string` | `binary` | any sequence of octets | -| `string` | `date` | As defined by `full-date` - [RFC3339](https://www.rfc-editor.org/rfc/rfc3339#section-5.6) | -| `string` | `date-time` | As defined by `date-time` - [RFC3339](https://www.rfc-editor.org/rfc/rfc3339#section-5.6) | -| `string` | `password` | A hint to obscure the value. | +| [`type`](#data-types) | [`format`](#data-type-format) | Comments | +| ---- | ---- | ---- | +| `integer` | `int32` | signed 32 bits | +| `integer` | `int64` | signed 64 bits (a.k.a long) | +| `number` | `float` | | +| `number` | `double` | | +| `string` | `byte` | base64 encoded characters - [RFC4648](https://www.rfc-editor.org/rfc/rfc4648#section-4) | +| `string` | `binary` | any sequence of octets | +| `string` | `date` | As defined by `full-date` - [RFC3339](https://www.rfc-editor.org/rfc/rfc3339#section-5.6) | +| `string` | `date-time` | As defined by `date-time` - [RFC3339](https://www.rfc-editor.org/rfc/rfc3339#section-5.6) | +| `string` | `password` | A hint to obscure the value. | #### Working With Binary Data @@ -242,16 +242,16 @@ This is the root object of the [OpenAPI document](#openapi-description). ##### Fixed Fields -| Field Name | Type | Description | -| -------------------------------------------- | :-------------------------------------------------------------: | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| openapi | `string` | **REQUIRED**. This string MUST be the [version number](#versions) of the OpenAPI Specification that the OpenAPI document uses. The `openapi` field SHOULD be used by tooling to interpret the OpenAPI document. This is _not_ related to the API [`info.version`](#info-version) string. | -| info | [Info Object](#info-object) | **REQUIRED**. Provides metadata about the API. The metadata MAY be used by tooling as required. | -| servers | [[Server Object](#server-object)] | An array of Server Objects, which provide connectivity information to a target server. If the `servers` field is not provided, or is an empty array, the default value would be a [Server Object](#server-object) with a [url](#server-url) value of `/`. | -| paths | [Paths Object](#paths-object) | **REQUIRED**. The available paths and operations for the API. | -| components | [Components Object](#components-object) | An element to hold various schemas for the document. | -| security | [[Security Requirement Object](#security-requirement-object)] | A declaration of which security mechanisms can be used across the API. The list of values includes alternative Security Requirement Objects that can be used. Only one of the Security Requirement Objects need to be satisfied to authorize a request. Individual operations can override this definition. To make security optional, an empty security requirement (`{}`) can be included in the array. | -| tags | [[Tag Object](#tag-object)] | A list of tags used by the document with additional metadata. The order of the tags can be used to reflect on their order by the parsing tools. Not all tags that are used by the [Operation Object](#operation-object) must be declared. The tags that are not declared MAY be organized randomly or based on the tools' logic. Each tag name in the list MUST be unique. | -| externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation. | +| Field Name | Type | Description | +| ---- | :----: | ---- | +| openapi | `string` | **REQUIRED**. This string MUST be the [version number](#versions) of the OpenAPI Specification that the OpenAPI document uses. The `openapi` field SHOULD be used by tooling to interpret the OpenAPI document. This is _not_ related to the API [`info.version`](#info-version) string. | +| info | [Info Object](#info-object) | **REQUIRED**. Provides metadata about the API. The metadata MAY be used by tooling as required. | +| servers | [[Server Object](#server-object)] | An array of Server Objects, which provide connectivity information to a target server. If the `servers` field is not provided, or is an empty array, the default value would be a [Server Object](#server-object) with a [url](#server-url) value of `/`. | +| paths | [Paths Object](#paths-object) | **REQUIRED**. The available paths and operations for the API. | +| components | [Components Object](#components-object) | An element to hold various schemas for the document. | +| security | [[Security Requirement Object](#security-requirement-object)] | A declaration of which security mechanisms can be used across the API. The list of values includes alternative Security Requirement Objects that can be used. Only one of the Security Requirement Objects need to be satisfied to authorize a request. Individual operations can override this definition. To make security optional, an empty security requirement (`{}`) can be included in the array. | +| tags | [[Tag Object](#tag-object)] | A list of tags used by the document with additional metadata. The order of the tags can be used to reflect on their order by the parsing tools. Not all tags that are used by the [Operation Object](#operation-object) must be declared. The tags that are not declared MAY be organized randomly or based on the tools' logic. Each tag name in the list MUST be unique. | +| externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -262,14 +262,14 @@ The metadata MAY be used by the clients if needed, and MAY be presented in editi ##### Fixed Fields -| Field Name | Type | Description | -| -------------------------------------------------- | :-------------------------------: | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| title | `string` | **REQUIRED**. The title of the API. | -| description | `string` | A description of the API. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| termsOfService | `string` | A URL for the Terms of Service for the API. This MUST be in the form of a URL. | -| contact | [Contact Object](#contact-object) | The contact information for the exposed API. | -| license | [License Object](#license-object) | The license information for the exposed API. | -| version | `string` | **REQUIRED**. The version of the OpenAPI document (which is distinct from the [OpenAPI Specification version](#oas-version) or the version of the API being described). | +| Field Name | Type | Description | +| ---- | :----: | ---- | +| title | `string` | **REQUIRED**. The title of the API. | +| description | `string` | A description of the API. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| termsOfService | `string` | A URL for the Terms of Service for the API. This MUST be in the form of a URL. | +| contact | [Contact Object](#contact-object) | The contact information for the exposed API. | +| license | [License Object](#license-object) | The license information for the exposed API. | +| version | `string` | **REQUIRED**. The version of the OpenAPI document (which is distinct from the [OpenAPI Specification version](#oas-version) or the version of the API being described). | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -313,10 +313,10 @@ Contact information for the exposed API. ##### Fixed Fields -| Field Name | Type | Description | -| --------------------------------- | :------: | --------------------------------------------------------------------------------------------------- | -| name | `string` | The identifying name of the contact person/organization. | -| url | `string` | The URL for the contact information. This MUST be in the form of a URL. | +| Field Name | Type | Description | +| ---- | :----: | ---- | +| name | `string` | The identifying name of the contact person/organization. | +| url | `string` | The URL for the contact information. This MUST be in the form of a URL. | | email | `string` | The email address of the contact person/organization. This MUST be in the form of an email address. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -343,10 +343,10 @@ License information for the exposed API. ##### Fixed Fields -| Field Name | Type | Description | -| ------------------------------- | :------: | -------------------------------------------------------------------------- | -| name | `string` | **REQUIRED**. The license name used for the API. | -| url | `string` | A URL for the license used for the API. This MUST be in the form of a URL. | +| Field Name | Type | Description | +| ---- | :----: | ---- | +| name | `string` | **REQUIRED**. The license name used for the API. | +| url | `string` | A URL for the license used for the API. This MUST be in the form of a URL. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -370,11 +370,11 @@ An object representing a Server. ##### Fixed Fields -| Field Name | Type | Description | -| -------------------------------------------- | :--------------------------------------------------------------: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| url | `string` | **REQUIRED**. A URL to the target host. This URL supports Server Variables and MAY be relative, to indicate that the host location is relative to the location where the OpenAPI document is being served. Variable substitutions will be made when a variable is named in `{`braces`}`. | -| description | `string` | An optional string describing the host designated by the URL. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| variables | Map[`string`, [Server Variable Object](#server-variable-object)] | A map between a variable name and its value. The value is used for substitution in the server's URL template. | +| Field Name | Type | Description | +| ---- | :----: | ---- | +| url | `string` | **REQUIRED**. A URL to the target host. This URL supports Server Variables and MAY be relative, to indicate that the host location is relative to the location where the OpenAPI document is being served. Variable substitutions will be made when a variable is named in `{`braces`}`. | +| description | `string` | An optional string describing the host designated by the URL. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| variables | Map[`string`, [Server Variable Object](#server-variable-object)] | A map between a variable name and its value. The value is used for substitution in the server's URL template. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -476,11 +476,11 @@ An object representing a Server Variable for server URL template substitution. ##### Fixed Fields -| Field Name | Type | Description | -| ----------------------------------------------------- | :--------: | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| enum | [`string`] | An enumeration of string values to be used if the substitution options are from a limited set. The array SHOULD NOT be empty. | -| default | `string` | **REQUIRED**. The default value to use for substitution, which SHALL be sent if an alternate value is _not_ supplied. Note this behavior is different than the [Schema Object's](#schema-object) treatment of default values, because in those cases parameter values are optional. If the [`enum`](#server-variable-enum) is defined, the value SHOULD exist in the enum's values. | -| description | `string` | An optional description for the server variable. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| Field Name | Type | Description | +| ---- | :----: | ---- | +| enum | [`string`] | An enumeration of string values to be used if the substitution options are from a limited set. The array SHOULD NOT be empty. | +| default | `string` | **REQUIRED**. The default value to use for substitution, which SHALL be sent if an alternate value is _not_ supplied. Note this behavior is different than the [Schema Object's](#schema-object) treatment of default values, because in those cases parameter values are optional. If the [`enum`](#server-variable-enum) is defined, the value SHOULD exist in the enum's values. | +| description | `string` | An optional description for the server variable. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -491,17 +491,17 @@ All objects defined within the Components Object will have no effect on the API ##### Fixed Fields -| Field Name | Type | Description | -| ------------------------------------------------------ | :-------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------ | -| schemas | Map[`string`, [Schema Object](#schema-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Schema Objects](#schema-object). | -| responses | Map[`string`, [Response Object](#response-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Response Objects](#response-object). | -| parameters | Map[`string`, [Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Parameter Objects](#parameter-object). | -| examples | Map[`string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Example Objects](#example-object). | -| requestBodies | Map[`string`, [Request Body Object](#request-body-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Request Body Objects](#request-body-object). | -| headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Header Objects](#header-object). | -| securitySchemes | Map[`string`, [Security Scheme Object](#security-scheme-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Security Scheme Objects](#security-scheme-object). | -| links | Map[`string`, [Link Object](#link-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Link Objects](#link-object). | -| callbacks | Map[`string`, [Callback Object](#callback-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Callback Objects](#callback-object). | +| Field Name | Type | Description | +| ---- | :---- | ---- | +| schemas | Map[`string`, [Schema Object](#schema-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Schema Objects](#schema-object). | +| responses | Map[`string`, [Response Object](#response-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Response Objects](#response-object). | +| parameters | Map[`string`, [Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Parameter Objects](#parameter-object). | +| examples | Map[`string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Example Objects](#example-object). | +| requestBodies | Map[`string`, [Request Body Object](#request-body-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Request Body Objects](#request-body-object). | +| headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Header Objects](#header-object). | +| securitySchemes | Map[`string`, [Security Scheme Object](#security-scheme-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Security Scheme Objects](#security-scheme-object). | +| links | Map[`string`, [Link Object](#link-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Link Objects](#link-object). | +| callbacks | Map[`string`, [Callback Object](#callback-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Callback Objects](#callback-object). | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -698,8 +698,8 @@ The path is appended to the URL from the [Server Object](#server-object) in orde ##### Patterned Fields -| Field Pattern | Type | Description | -| -------------------------------- | :-----------------------------------: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Field Pattern | Type | Description | +| ---- | :----: | ---- | | /{path} | [Path Item Object](#path-item-object) | A relative path to an individual endpoint. The field name MUST begin with a forward slash (`/`). The path is **appended** (no relative URL resolution) to the expanded URL from the [Server Object](#server-object)'s `url` field in order to construct the full URL. [Path templating](#path-templating) is allowed. When matching URLs, concrete (non-templated) paths would be matched before their templated counterparts. Templated paths with the same hierarchy but different templated names MUST NOT exist as they are identical. In case of ambiguous matching, it's up to the tooling to decide which one to use. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -777,21 +777,21 @@ The path itself is still exposed to the documentation viewer but they will not k ##### Fixed Fields -| Field Name | Type | Description | -| ----------------------------------------------- | :------------------------------------------------------------------------------: | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| $ref | `string` | Allows for a referenced definition of this path item. The value MUST be in the form of a URL, and the referenced structure MUST be in the form of a [Path Item Object](#path-item-object). In case a Path Item Object field appears both in the defined object and the referenced object, the behavior is undefined. See the rules for resolving [Relative References](#relative-references-in-urls). | -| summary | `string` | An optional string summary, intended to apply to all operations in this path. | -| description | `string` | An optional string description, intended to apply to all operations in this path. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| get | [Operation Object](#operation-object) | A definition of a GET operation on this path. | -| put | [Operation Object](#operation-object) | A definition of a PUT operation on this path. | -| post | [Operation Object](#operation-object) | A definition of a POST operation on this path. | -| delete | [Operation Object](#operation-object) | A definition of a DELETE operation on this path. | -| options | [Operation Object](#operation-object) | A definition of a OPTIONS operation on this path. | -| head | [Operation Object](#operation-object) | A definition of a HEAD operation on this path. | -| patch | [Operation Object](#operation-object) | A definition of a PATCH operation on this path. | -| trace | [Operation Object](#operation-object) | A definition of a TRACE operation on this path. | -| servers | [[Server Object](#server-object)] | An alternative `servers` array to service all operations in this path. If a `servers` array is specified at the [OpenAPI Object](#oas-servers) level, it will be overridden by this value. | -| parameters | [[Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | A list of parameters that are applicable for all the operations described under this path. These parameters can be overridden at the operation level, but cannot be removed there. The list MUST NOT include duplicated parameters. A unique parameter is defined by a combination of a [name](#parameter-name) and [location](#parameter-in). The list can use the [Reference Object](#reference-object) to link to parameters that are defined in the [OpenAPI Object's `components.parameters`](#components-parameters). | +| Field Name | Type | Description | +| ---- | :----: | ---- | +| $ref | `string` | Allows for a referenced definition of this path item. The value MUST be in the form of a URL, and the referenced structure MUST be in the form of a [Path Item Object](#path-item-object). In case a Path Item Object field appears both in the defined object and the referenced object, the behavior is undefined. See the rules for resolving [Relative References](#relative-references-in-urls). | +| summary | `string` | An optional string summary, intended to apply to all operations in this path. | +| description | `string` | An optional string description, intended to apply to all operations in this path. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| get | [Operation Object](#operation-object) | A definition of a GET operation on this path. | +| put | [Operation Object](#operation-object) | A definition of a PUT operation on this path. | +| post | [Operation Object](#operation-object) | A definition of a POST operation on this path. | +| delete | [Operation Object](#operation-object) | A definition of a DELETE operation on this path. | +| options | [Operation Object](#operation-object) | A definition of a OPTIONS operation on this path. | +| head | [Operation Object](#operation-object) | A definition of a HEAD operation on this path. | +| patch | [Operation Object](#operation-object) | A definition of a PATCH operation on this path. | +| trace | [Operation Object](#operation-object) | A definition of a TRACE operation on this path. | +| servers | [[Server Object](#server-object)] | An alternative `servers` array to service all operations in this path. If a `servers` array is specified at the [OpenAPI Object](#oas-servers) level, it will be overridden by this value. | +| parameters | [[Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | A list of parameters that are applicable for all the operations described under this path. These parameters can be overridden at the operation level, but cannot be removed there. The list MUST NOT include duplicated parameters. A unique parameter is defined by a combination of a [name](#parameter-name) and [location](#parameter-in). The list can use the [Reference Object](#reference-object) to link to parameters that are defined in the [OpenAPI Object's `components.parameters`](#components-parameters). | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -885,20 +885,20 @@ Describes a single API operation on a path. ##### Fixed Fields -| Field Name | Type | Description | -| -------------------------------------------------- | :-----------------------------------------------------------------------------------------: | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| tags | [`string`] | A list of tags for API documentation control. Tags can be used for logical grouping of operations by resources or any other qualifier. | -| summary | `string` | A short summary of what the operation does. | -| description | `string` | A verbose explanation of the operation behavior. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this operation. | -| operationId | `string` | Unique string used to identify the operation. The id MUST be unique among all operations described in the API. The operationId value is **case-sensitive**. Tools and libraries MAY use the operationId to uniquely identify an operation, therefore, it is RECOMMENDED to follow common programming naming conventions. | -| parameters | [[Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | A list of parameters that are applicable for this operation. If a parameter is already defined in the [Path Item](#path-item-parameters), the new definition will override it but can never remove it. The list MUST NOT include duplicated parameters. A unique parameter is defined by a combination of a [name](#parameter-name) and [location](#parameter-in). The list can use the [Reference Object](#reference-object) to link to parameters that are defined in the [OpenAPI Object's `components.parameters`](#components-parameters). | -| requestBody | [Request Body Object](#request-body-object) \| [Reference Object](#reference-object) | The request body applicable for this operation. The `requestBody` is only supported in HTTP methods where the HTTP 1.1 specification [RFC7231](https://tools.ietf.org/html/rfc7231#section-4.3.1) has explicitly defined semantics for request bodies. In other cases where the HTTP spec is vague (such as [GET](https://tools.ietf.org/html/rfc7231#section-4.3.1), [HEAD](https://tools.ietf.org/html/rfc7231#section-4.3.2) and [DELETE](https://tools.ietf.org/html/rfc7231#section-4.3.5)), `requestBody` SHALL be ignored by consumers. | -| responses | [Responses Object](#responses-object) | **REQUIRED**. The list of possible responses as they are returned from executing this operation. | -| callbacks | Map[`string`, [Callback Object](#callback-object) \| [Reference Object](#reference-object)] | A map of possible out-of band callbacks related to the parent operation. The key is a unique identifier for the Callback Object. Each value in the map is a [Callback Object](#callback-object) that describes a request that may be initiated by the API provider and the expected responses. | -| deprecated | `boolean` | Declares this operation to be deprecated. Consumers SHOULD refrain from usage of the declared operation. Default value is `false`. | -| security | [[Security Requirement Object](#security-requirement-object)] | A declaration of which security mechanisms can be used for this operation. The list of values includes alternative Security Requirement Objects that can be used. Only one of the Security Requirement Objects need to be satisfied to authorize a request. To make security optional, an empty security requirement (`{}`) can be included in the array. This definition overrides any declared top-level [`security`](#oas-security). To remove a top-level security declaration, an empty array can be used. | -| servers | [[Server Object](#server-object)] | An alternative `servers` array to service this operation. If a `servers` array is specified at the [Path Item Object](#path-item-servers) or [OpenAPI Object](#oas-servers) level, it will be overridden by this value. | +| Field Name | Type | Description | +| ---- | :----: | ---- | +| tags | [`string`] | A list of tags for API documentation control. Tags can be used for logical grouping of operations by resources or any other qualifier. | +| summary | `string` | A short summary of what the operation does. | +| description | `string` | A verbose explanation of the operation behavior. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this operation. | +| operationId | `string` | Unique string used to identify the operation. The id MUST be unique among all operations described in the API. The operationId value is **case-sensitive**. Tools and libraries MAY use the operationId to uniquely identify an operation, therefore, it is RECOMMENDED to follow common programming naming conventions. | +| parameters | [[Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | A list of parameters that are applicable for this operation. If a parameter is already defined in the [Path Item](#path-item-parameters), the new definition will override it but can never remove it. The list MUST NOT include duplicated parameters. A unique parameter is defined by a combination of a [name](#parameter-name) and [location](#parameter-in). The list can use the [Reference Object](#reference-object) to link to parameters that are defined in the [OpenAPI Object's `components.parameters`](#components-parameters). | +| requestBody | [Request Body Object](#request-body-object) \| [Reference Object](#reference-object) | The request body applicable for this operation. The `requestBody` is only supported in HTTP methods where the HTTP 1.1 specification [RFC7231](https://tools.ietf.org/html/rfc7231#section-4.3.1) has explicitly defined semantics for request bodies. In other cases where the HTTP spec is vague (such as [GET](https://tools.ietf.org/html/rfc7231#section-4.3.1), [HEAD](https://tools.ietf.org/html/rfc7231#section-4.3.2) and [DELETE](https://tools.ietf.org/html/rfc7231#section-4.3.5)), `requestBody` SHALL be ignored by consumers. | +| responses | [Responses Object](#responses-object) | **REQUIRED**. The list of possible responses as they are returned from executing this operation. | +| callbacks | Map[`string`, [Callback Object](#callback-object) \| [Reference Object](#reference-object)] | A map of possible out-of band callbacks related to the parent operation. The key is a unique identifier for the Callback Object. Each value in the map is a [Callback Object](#callback-object) that describes a request that may be initiated by the API provider and the expected responses. | +| deprecated | `boolean` | Declares this operation to be deprecated. Consumers SHOULD refrain from usage of the declared operation. Default value is `false`. | +| security | [[Security Requirement Object](#security-requirement-object)] | A declaration of which security mechanisms can be used for this operation. The list of values includes alternative Security Requirement Objects that can be used. Only one of the Security Requirement Objects need to be satisfied to authorize a request. To make security optional, an empty security requirement (`{}`) can be included in the array. This definition overrides any declared top-level [`security`](#oas-security). To remove a top-level security declaration, an empty array can be used. | +| servers | [[Server Object](#server-object)] | An alternative `servers` array to service this operation. If a `servers` array is specified at the [Path Item Object](#path-item-servers) or [OpenAPI Object](#oas-servers) level, it will be overridden by this value. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -1013,10 +1013,10 @@ Allows referencing an external resource for extended documentation. ##### Fixed Fields -| Field Name | Type | Description | -| -------------------------------------------------- | :------: | -------------------------------------------------------------------------------------------------------------------------------------- | +| Field Name | Type | Description | +| ---- | :----: | ---- | | description | `string` | A description of the target documentation. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| url | `string` | **REQUIRED**. The URL for the target documentation. This MUST be in the form of a URL. | +| url | `string` | **REQUIRED**. The URL for the target documentation. This MUST be in the form of a URL. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -1061,13 +1061,13 @@ See [Appendix B](#appendix-b-data-type-conversion) for a discussion of convertin These fields MAY be used with either `content` or `schema`. -| Field Name | Type | Description | -| ---------------------------------------------------------- | :-------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| name | `string` | **REQUIRED**. The name of the parameter. Parameter names are _case sensitive_.
  • If [`in`](#parameter-in) is `"path"`, the `name` field MUST correspond to a template expression occurring within the [path](#paths-path) field in the [Paths Object](#paths-object). See [Path Templating](#path-templating) for further information.
  • If [`in`](#parameter-in) is `"header"` and the `name` field is `"Accept"`, `"Content-Type"` or `"Authorization"`, the parameter definition SHALL be ignored.
  • For all other cases, the `name` corresponds to the parameter name used by the [`in`](#parameter-in) field.
| -| in | `string` | **REQUIRED**. The location of the parameter. Possible values are `"query"`, `"header"`, `"path"` or `"cookie"`. | -| description | `string` | A brief description of the parameter. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| required | `boolean` | Determines whether this parameter is mandatory. If the [parameter location](#parameter-in) is `"path"`, this field is **REQUIRED** and its value MUST be `true`. Otherwise, the field MAY be included and its default value is `false`. | -| deprecated | `boolean` | Specifies that a parameter is deprecated and SHOULD be transitioned out of usage. Default value is `false`. | +| Field Name | Type | Description | +| ---- | :----: | ---- | +| name | `string` | **REQUIRED**. The name of the parameter. Parameter names are _case sensitive_.
  • If [`in`](#parameter-in) is `"path"`, the `name` field MUST correspond to a template expression occurring within the [path](#paths-path) field in the [Paths Object](#paths-object). See [Path Templating](#path-templating) for further information.
  • If [`in`](#parameter-in) is `"header"` and the `name` field is `"Accept"`, `"Content-Type"` or `"Authorization"`, the parameter definition SHALL be ignored.
  • For all other cases, the `name` corresponds to the parameter name used by the [`in`](#parameter-in) field.
| +| in | `string` | **REQUIRED**. The location of the parameter. Possible values are `"query"`, `"header"`, `"path"` or `"cookie"`. | +| description | `string` | A brief description of the parameter. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| required | `boolean` | Determines whether this parameter is mandatory. If the [parameter location](#parameter-in) is `"path"`, this field is **REQUIRED** and its value MUST be `true`. Otherwise, the field MAY be included and its default value is `false`. | +| deprecated | `boolean` | Specifies that a parameter is deprecated and SHOULD be transitioned out of usage. Default value is `false`. | | allowEmptyValue | `boolean` | If `true`, clients MAY pass a zero-length string value in place of parameters that would otherwise be omitted entirely, which the server SHOULD interpret as the parameter being unused. Default value is `false`. If [`style`](#parameter-style) is used, and if [behavior is _n/a_ (cannot be serialized)](#style-examples), the value of `allowEmptyValue` SHALL be ignored. Interactions between this field and the parameter's [Schema Object](#schema-object) are implementation-defined. This field is valid only for `query` parameters. Use of this field is NOT RECOMMENDED, and it is likely to be removed in a later revision. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -1082,14 +1082,14 @@ The `example` and `examples` fields are mutually exclusive, and if either is pre Serializing with `schema` is NOT RECOMMENDED for `in: "cookie"` parameters, `in: "header"` parameters that use HTTP header parameters (name=value pairs following a `;`) in their values, or `in: "header"` parameters where values might have non-URL-safe characters; see [Appendix D](#appendix-d-serializing-headers-and-cookies) for details. -| Field Name | Type | Description | -| ---------------------------------------------------- | :----------------------------------------------------------------------------------------: | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| style | `string` | Describes how the parameter value will be serialized depending on the type of the parameter value. Default values (based on value of `in`): for `"query"` - `"form"`; for `"path"` - `"simple"`; for `"header"` - `"simple"`; for `"cookie"` - `"form"`. | -| explode | `boolean` | When this is true, parameter values of type `array` or `object` generate separate parameters for each value of the array or key-value pair of the map. For other types of parameters this field has no effect. When [`style`](#parameter-style) is `"form"`, the default value is `true`. For all other styles, the default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. | -| allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#section-3.2.3), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#section-3.4) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#appendix-c-using-rfc6570-implementations) and [E](#appendix-e-percent-encoding-and-form-media-types) for details. This field only applies to parameters with an `in` value of `query`. The default value is `false`. | -| schema | [Schema Object](#schema-object) \| [Reference Object](#reference-object) | The schema defining the type used for the parameter. | -| example | Any | Example of the parameter's potential value; see [Working With Examples](#working-with-examples). | -| examples | Map[ `string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | Examples of the parameter's potential value; see [Working With Examples](#working-with-examples). | +| Field Name | Type | Description | +| ---- | :----: | ---- | +| style | `string` | Describes how the parameter value will be serialized depending on the type of the parameter value. Default values (based on value of `in`): for `"query"` - `"form"`; for `"path"` - `"simple"`; for `"header"` - `"simple"`; for `"cookie"` - `"form"`. | +| explode | `boolean` | When this is true, parameter values of type `array` or `object` generate separate parameters for each value of the array or key-value pair of the map. For other types of parameters this field has no effect. When [`style`](#parameter-style) is `"form"`, the default value is `true`. For all other styles, the default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. | +| allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#section-3.2.3), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#section-3.4) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#appendix-c-using-rfc6570-implementations) and [E](#appendix-e-percent-encoding-and-form-media-types) for details. This field only applies to parameters with an `in` value of `query`. The default value is `false`. | +| schema | [Schema Object](#schema-object) \| [Reference Object](#reference-object) | The schema defining the type used for the parameter. | +| example | Any | Example of the parameter's potential value; see [Working With Examples](#working-with-examples). | +| examples | Map[ `string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | Examples of the parameter's potential value; see [Working With Examples](#working-with-examples). | See also [Appendix C: Using RFC6570 Implementations](#appendix-c-using-rfc6570-implementations) for additional guidance. @@ -1098,23 +1098,23 @@ See also [Appendix C: Using RFC6570 Implementations](#appendix-c-using-rfc6570-i For more complex scenarios, the [`content`](#parameter-content) field can define the media type and schema of the parameter, as well as give examples of its use. Using `content` with a `text/plain` media type is RECOMMENDED for `in: "header"` and `in: "cookie"` parameters where the `schema` strategy is not appropriate. -| Field Name | Type | Description | -| --------------------------------------- | :----------------------------------------------------: | -------------------------------------------------------------------------------------------------------------------------------------------------- | +| Field Name | Type | Description | +| ---- | :----: | ---- | | content | Map[`string`, [Media Type Object](#media-type-object)] | A map containing the representations for the parameter. The key is the media type and the value describes it. The map MUST only contain one entry. | ##### Style Values In order to support common ways of serializing simple parameters, a set of `style` values are defined. -| `style` | [`type`](#data-types) | `in` | Comments | -| -------------- | ------------------------------ | ----------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| matrix | `primitive`, `array`, `object` | `path` | Path-style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.7) | -| label | `primitive`, `array`, `object` | `path` | Label style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.5) | -| simple | `primitive`, `array`, `object` | `path`, `header` | Simple style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.2). This option replaces `collectionFormat` with a `csv` value from OpenAPI 2.0. | -| form | `primitive`, `array`, `object` | `query`, `cookie` | Form style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.8). This option replaces `collectionFormat` with a `csv` (when `explode` is false) or `multi` (when `explode` is true) value from OpenAPI 2.0. | -| spaceDelimited | `array`, `object` | `query` | Space separated array values or object properties and values. This option replaces `collectionFormat` equal to `ssv` from OpenAPI 2.0. | -| pipeDelimited | `array`, `object` | `query` | Pipe separated array values or object properties and values. This option replaces `collectionFormat` equal to `pipes` from OpenAPI 2.0. | -| deepObject | `object` | `query` | Allows objects with scalar properties to be represented using form parameters. The representation of array or object properties is not defined. | +| `style` | [`type`](#data-types) | `in` | Comments | +| ---- | ---- | ---- | ---- | +| matrix | `primitive`, `array`, `object` | `path` | Path-style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.7) | +| label | `primitive`, `array`, `object` | `path` | Label style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.5) | +| simple | `primitive`, `array`, `object` | `path`, `header` | Simple style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.2). This option replaces `collectionFormat` with a `csv` value from OpenAPI 2.0. | +| form | `primitive`, `array`, `object` | `query`, `cookie` | Form style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.8). This option replaces `collectionFormat` with a `csv` (when `explode` is false) or `multi` (when `explode` is true) value from OpenAPI 2.0. | +| spaceDelimited | `array`, `object` | `query` | Space separated array values or object properties and values. This option replaces `collectionFormat` equal to `ssv` from OpenAPI 2.0. | +| pipeDelimited | `array`, `object` | `query` | Pipe separated array values or object properties and values. This option replaces `collectionFormat` equal to `pipes` from OpenAPI 2.0. | +| deepObject | `object` | `query` | Allows objects with scalar properties to be represented using form parameters. The representation of array or object properties is not defined. | See [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for a discussion of percent-encoding, including when delimiters need to be percent-encoded and options for handling collisions with percent-encoded data. @@ -1137,22 +1137,22 @@ The following table shows examples, as would be shown with the `example` or `exa * Note that the `?` prefix is not appropriate for serializing `application/x-www-form-urlencoded` HTTP message bodies, and MUST be stripped or (if constructing the string manually) not added when used in that context; see the [Encoding Object](#encoding-object) for more information * The examples are percent-encoded as required by RFC6570 and RFC3986; see [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for a thorough discussion of percent-encoding concerns, including why unencoded `|` (`%7C`), `[` (`%5B`), and `]` (`%5D`) seem to work in some environments despite not being compliant. -| [`style`](#style-values) | `explode` | `undefined` | `string` | `array` | `object` | -| ------------------------ | --------- | ------------------------------------------------- | ----------------------------------------------------- | ----------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------- | -| matrix | false | ;color | ;color=blue | ;color=blue,black,brown | ;color=R,100,G,200,B,150 | -| matrix | true | ;color | ;color=blue | ;color=blue;color=black;color=brown | ;R=100;G=200;B=150 | -| label | false | . | .blue | .blue,black,brown | .R,100,G,200,B,150 | -| label | true | . | .blue | .blue.black.brown | .R=100.G=200.B=150 | -| simple | false | _empty_ | blue | blue,black,brown | R,100,G,200,B,150 | -| simple | true | _empty_ | blue | blue,black,brown | R=100,G=200,B=150 | -| form | false | ?color= | ?color=blue | ?color=blue,black,brown | ?color=R,100,G,200,B,150 | -| form | true | ?color= | ?color=blue | ?color=blue&color=black&color=brown | ?R=100&G=200&B=150 | -| spaceDelimited | false | _n/a_ | _n/a_ | ?color=blue%20black%20brown | ?color=R%20100%20G%20200%20B%20150 | -| spaceDelimited | true | _n/a_ | _n/a_ | _n/a_ | _n/a_ | -| pipeDelimited | false | _n/a_ | _n/a_ | ?color=blue%7Cblack%7Cbrown | ?color=R%7C100%7CG%7C200%7CB%7C150 | -| pipeDelimited | true | _n/a_ | _n/a_ | _n/a_ | _n/a_ | -| deepObject | false | _n/a_ | _n/a_ | _n/a_ | _n/a_ | -| deepObject | true | _n/a_ | _n/a_ | _n/a_ | ?color%5BR%5D=100&color%5BG%5D=200&color%5BB%5D=150 | +| [`style`](#style-values) | `explode` | `undefined` | `string` | `array` | `object` | +| ---- | ---- | ---- | ---- | ---- | ---- | +| matrix | false | ;color | ;color=blue | ;color=blue,black,brown | ;color=R,100,G,200,B,150 | +| matrix | true | ;color | ;color=blue | ;color=blue;color=black;color=brown | ;R=100;G=200;B=150 | +| label | false | . | .blue | .blue,black,brown | .R,100,G,200,B,150 | +| label | true | . | .blue | .blue.black.brown | .R=100.G=200.B=150 | +| simple | false | _empty_ | blue | blue,black,brown | R,100,G,200,B,150 | +| simple | true | _empty_ | blue | blue,black,brown | R=100,G=200,B=150 | +| form | false | ?color= | ?color=blue | ?color=blue,black,brown | ?color=R,100,G,200,B,150 | +| form | true | ?color= | ?color=blue | ?color=blue&color=black&color=brown | ?R=100&G=200&B=150 | +| spaceDelimited | false | _n/a_ | _n/a_ | ?color=blue%20black%20brown | ?color=R%20100%20G%20200%20B%20150 | +| spaceDelimited | true | _n/a_ | _n/a_ | _n/a_ | _n/a_ | +| pipeDelimited | false | _n/a_ | _n/a_ | ?color=blue%7Cblack%7Cbrown | ?color=R%7C100%7CG%7C200%7CB%7C150 | +| pipeDelimited | true | _n/a_ | _n/a_ | _n/a_ | _n/a_ | +| deepObject | false | _n/a_ | _n/a_ | _n/a_ | _n/a_ | +| deepObject | true | _n/a_ | _n/a_ | _n/a_ | ?color%5BR%5D=100&color%5BG%5D=200&color%5BB%5D=150 | ##### Parameter Object Examples @@ -1317,11 +1317,11 @@ Describes a single request body. ##### Fixed Fields -| Field Name | Type | Description | -| -------------------------------------------------- | :----------------------------------------------------: | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| description | `string` | A brief description of the request body. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| content | Map[`string`, [Media Type Object](#media-type-object)] | **REQUIRED**. The content of the request body. The key is a media type or [media type range](https://tools.ietf.org/html/rfc7231#appendix-D) and the value describes it. For requests that match multiple keys, only the most specific key is applicable. e.g. `"text/plain"` overrides `"text/*"` | -| required | `boolean` | Determines if the request body is required in the request. Defaults to `false`. | +| Field Name | Type | Description | +| ---- | :----: | ---- | +| description | `string` | A brief description of the request body. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| content | Map[`string`, [Media Type Object](#media-type-object)] | **REQUIRED**. The content of the request body. The key is a media type or [media type range](https://tools.ietf.org/html/rfc7231#appendix-D) and the value describes it. For requests that match multiple keys, only the most specific key is applicable. e.g. `"text/plain"` overrides `"text/*"` | +| required | `boolean` | Determines if the request body is required in the request. Defaults to `false`. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -1414,12 +1414,12 @@ See [Working With Examples](#working-with-examples) for further guidance regardi ##### Fixed Fields -| Field Name | Type | Description | -| ------------------------------------------ | :----------------------------------------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| schema | [Schema Object](#schema-object) \| [Reference Object](#reference-object) | The schema defining the content of the request, response, parameter, or header. | -| example | Any | Example of the media type; see [Working With Examples](#working-with-examples). | -| examples | Map[ `string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | Examples of the media type; see [Working With Examples](#working-with-examples). | -| encoding | Map[`string`, [Encoding Object](#encoding-object)] | A map between a property name and its encoding information. The key, being the property name, MUST exist in the schema as a property. The `encoding` field SHALL only apply to [Request Body Objects](#request-body-object), and only when the media type is `multipart` or `application/x-www-form-urlencoded`. If no Encoding Object is provided for a property, the behavior is determined by the default values documented for the Encoding Object. | +| Field Name | Type | Description | +| ---- | :----: | ---- | +| schema | [Schema Object](#schema-object) \| [Reference Object](#reference-object) | The schema defining the content of the request, response, parameter, or header. | +| example | Any | Example of the media type; see [Working With Examples](#working-with-examples). | +| examples | Map[ `string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | Examples of the media type; see [Working With Examples](#working-with-examples). | +| encoding | Map[`string`, [Encoding Object](#encoding-object)] | A map between a property name and its encoding information. The key, being the property name, MUST exist in the schema as a property. The `encoding` field SHALL only apply to [Request Body Objects](#request-body-object), and only when the media type is `multipart` or `application/x-www-form-urlencoded`. If no Encoding Object is provided for a property, the behavior is determined by the default values documented for the Encoding Object. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -1553,22 +1553,22 @@ See [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for a detail These fields MAY be used either with or without the RFC6570-style serialization fields defined in the next section below. -| Field Name | Type | Description | -| ----------------------------------------------- | :-------------------------------------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| contentType | `string` | The `Content-Type` for encoding a specific property. The value is a comma-separated list, each element of which is either a specific media type (e.g. `image/png`) or a wildcard media type (e.g. `image/*`). Default value depends on the property type as shown in the table below. | -| headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | A map allowing additional information to be provided as headers. `Content-Type` is described separately and SHALL be ignored in this section. This field SHALL be ignored if the request body media type is not a `multipart`. | +| Field Name | Type | Description | +| ---- | :----: | ---- | +| contentType | `string` | The `Content-Type` for encoding a specific property. The value is a comma-separated list, each element of which is either a specific media type (e.g. `image/png`) or a wildcard media type (e.g. `image/*`). Default value depends on the property type as shown in the table below. | +| headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | A map allowing additional information to be provided as headers. `Content-Type` is described separately and SHALL be ignored in this section. This field SHALL be ignored if the request body media type is not a `multipart`. | This object MAY be extended with [Specification Extensions](#specification-extensions). The default values for `contentType` are as follows, where an _n/a_ in the `format` column means that the presence or value of `format` is irrelevant: -| `type` | `format` | Default `contentType` | -| --------------------------------- | ---------------------------------------- | ---------------------------------------------------------- | -| `string` | `binary` _or_ `byte` | `application/octet-stream` | -| `string` | _none, or any except `binary` or `byte`_ | `text/plain` | -| `number`, `integer`, or `boolean` | _n/a_ | `text/plain` | -| `object` | _n/a_ | `application/json` | -| `array` | _n/a_ | according to the `type` and `format` of the `items` schema | +| `type` | `format` | Default `contentType` | +| ---- | ---- | ---- | +| `string` | `binary` _or_ `byte` | `application/octet-stream` | +| `string` | _none, or any except `binary` or `byte`_ | `text/plain` | +| `number`, `integer`, or `boolean` | _n/a_ | `text/plain` | +| `object` | _n/a_ | `application/json` | +| `array` | _n/a_ | according to the `type` and `format` of the `items` schema | Determining how to handle `null` values if `nullable: true` is present depends on how `null` values are being serialized. If `null` values are entirely omitted, then the `contentType` is irrelevant. @@ -1576,10 +1576,10 @@ See [Appendix B](#appendix-b-data-type-conversion) for a discussion of data type ###### Fixed Fields for RFC6570-style Serialization -| Field Name | Type | Description | -| --------------------------------------------------- | :-------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| style | `string` | Describes how a specific property value will be serialized depending on its type. See [Parameter Object](#parameter-object) for details on the [`style`](#parameter-style) field. The behavior follows the same values as `query` parameters, including default values. Note that the initial `?` used in query strings is not used in `application/x-www-form-urlencoded` message bodies, and MUST be removed (if using an RFC6570 implementation) or simply not added (if constructing the string manually). This field SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. | -| explode | `boolean` | When this is true, property values of type `array` or `object` generate separate parameters for each value of the array, or key-value-pair of the map. For other types of properties this field has no effect. When [`style`](#encoding-style) is `"form"`, the default value is `true`. For all other styles, the default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. This field SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. | +| Field Name | Type | Description | +| ---- | :----: | ---- | +| style | `string` | Describes how a specific property value will be serialized depending on its type. See [Parameter Object](#parameter-object) for details on the [`style`](#parameter-style) field. The behavior follows the same values as `query` parameters, including default values. Note that the initial `?` used in query strings is not used in `application/x-www-form-urlencoded` message bodies, and MUST be removed (if using an RFC6570 implementation) or simply not added (if constructing the string manually). This field SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. | +| explode | `boolean` | When this is true, property values of type `array` or `object` generate separate parameters for each value of the array, or key-value-pair of the map. For other types of properties this field has no effect. When [`style`](#encoding-style) is `"form"`, the default value is `true`. For all other styles, the default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. This field SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. | | allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#section-3.2.3), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#section-3.4) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#appendix-c-using-rfc6570-implementations) and [E](#appendix-e-percent-encoding-and-form-media-types) for details. The default value is `false`. This field SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. | See also [Appendix C: Using RFC6570 Implementations](#appendix-c-using-rfc6570-implementations) for additional guidance. @@ -1814,14 +1814,14 @@ call. ##### Fixed Fields -| Field Name | Type | Description | -| --------------------------------------- | :--------------------------------------------------------------------------: | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Field Name | Type | Description | +| ---- | :----: | ---- | | default | [Response Object](#response-object) \| [Reference Object](#reference-object) | The documentation of responses other than the ones declared for specific HTTP response codes. Use this field to cover undeclared responses. A [Reference Object](#reference-object) can link to a response that the [OpenAPI Object's `components.responses`](#components-responses) section defines. | ##### Patterned Fields -| Field Pattern | Type | Description | -| ------------------------------------------------------------------- | :--------------------------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Field Pattern | Type | Description | +| ---- | :----: | ---- | | [HTTP Status Code](#http-status-codes) | [Response Object](#response-object) \| [Reference Object](#reference-object) | Any [HTTP status code](#http-status-codes) can be used as the property name, but only one property per code, to describe the expected response for that HTTP status code. A [Reference Object](#reference-object) can link to a response that is defined in the [OpenAPI Object's `components.responses`](#components-responses) section. This field MUST be enclosed in quotation marks (for example, "200") for compatibility between JSON and YAML. To define a range of response codes, this field MAY contain the uppercase wildcard character `X`. For example, `2XX` represents all response codes between `200` and `299`. Only the following range definitions are allowed: `1XX`, `2XX`, `3XX`, `4XX`, and `5XX`. If a response is defined using an explicit code, the explicit code definition takes precedence over the range definition for that code. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -1877,12 +1877,12 @@ Describes a single response from an API operation, including design-time, static ##### Fixed Fields -| Field Name | Type | Description | -| ---------------------------------------------- | :-------------------------------------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| description | `string` | **REQUIRED**. A description of the response. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | Maps a header name to its definition. [RFC7230](https://tools.ietf.org/html/rfc7230#section-3.2) states header names are case insensitive. If a response header is defined with the name `"Content-Type"`, it SHALL be ignored. | -| content | Map[`string`, [Media Type Object](#media-type-object)] | A map containing descriptions of potential response payloads. The key is a media type or [media type range](https://tools.ietf.org/html/rfc7231#appendix-D) and the value describes it. For responses that match multiple keys, only the most specific key is applicable. e.g. `"text/plain"` overrides `"text/*"` | -| links | Map[`string`, [Link Object](#link-object) \| [Reference Object](#reference-object)] | A map of operations links that can be followed from the response. The key of the map is a short name for the link, following the naming constraints of the names for [Component Objects](#components-object). | +| Field Name | Type | Description | +| ---- | :----: | ---- | +| description | `string` | **REQUIRED**. A description of the response. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | Maps a header name to its definition. [RFC7230](https://tools.ietf.org/html/rfc7230#section-3.2) states header names are case insensitive. If a response header is defined with the name `"Content-Type"`, it SHALL be ignored. | +| content | Map[`string`, [Media Type Object](#media-type-object)] | A map containing descriptions of potential response payloads. The key is a media type or [media type range](https://tools.ietf.org/html/rfc7231#appendix-D) and the value describes it. For responses that match multiple keys, only the most specific key is applicable. e.g. `"text/plain"` overrides `"text/*"` | +| links | Map[`string`, [Link Object](#link-object) \| [Reference Object](#reference-object)] | A map of operations links that can be followed from the response. The key of the map is a short name for the link, following the naming constraints of the names for [Component Objects](#components-object). | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -2017,8 +2017,8 @@ The key value used to identify the Path Item Object is an expression, evaluated ##### Patterned Fields -| Field Pattern | Type | Description | -| ---------------------------------------------- | :-----------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Field Pattern | Type | Description | +| ---- | :----: | ---- | | {expression} | [Path Item Object](#path-item-object) | A Path Item Object used to define a callback request and expected responses. A [complete example](../examples/v3.0/callback-example.yaml) is available. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -2057,16 +2057,16 @@ Location: https://example.org/subscription/1 The following examples show how the various expressions evaluate, assuming the callback operation has a path parameter named `eventType` and a query parameter named `queryUrl`. -| Expression | Value | -| ---------------------------- | :------------------------------------------------------------------------------------- | -| $url | | -| $method | POST | -| $request.path.eventType | myevent | -| $request.query.queryUrl | | -| $request.header.content-type | application/json | -| $request.body#/failedUrl | | -| $request.body#/successUrls/1 | | -| $response.header.Location | | +| Expression | Value | +| ---- | :---- | +| $url | | +| $method | POST | +| $request.path.eventType | myevent | +| $request.query.queryUrl | | +| $request.header.content-type | application/json | +| $request.body#/failedUrl | | +| $request.body#/successUrls/1 | | +| $response.header.Location | | ##### Callback Object Examples @@ -2113,11 +2113,11 @@ Examples allow demonstration of the usage of properties, parameters and objects ##### Fixed Fields -| Field Name | Type | Description | -| -------------------------------------------------- | :------: | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| summary | `string` | Short description for the example. | -| description | `string` | Long description for the example. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| value | Any | Embedded literal example. The `value` field and `externalValue` field are mutually exclusive. To represent examples of media types that cannot naturally represented in JSON or YAML, use a string value to contain the example, escaping where necessary. | +| Field Name | Type | Description | +| ---- | :----: | ---- | +| summary | `string` | Short description for the example. | +| description | `string` | Long description for the example. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| value | Any | Embedded literal example. The `value` field and `externalValue` field are mutually exclusive. To represent examples of media types that cannot naturally represented in JSON or YAML, use a string value to contain the example, escaping where necessary. | | externalValue | `string` | A URL that points to the literal example. This provides the capability to reference examples that cannot easily be included in JSON or YAML documents. The `value` field and `externalValue` field are mutually exclusive. See the rules for resolving [Relative References](#relative-references-in-urls). | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -2289,14 +2289,14 @@ For computing links and providing instructions to execute them, a [runtime expre ##### Fixed Fields -| Field Name | Type | Description | -| --------------------------------------------- | :--------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| operationRef | `string` | A relative or absolute URI reference to an OAS operation. This field is mutually exclusive of the `operationId` field, and MUST point to an [Operation Object](#operation-object). Relative `operationRef` values MAY be used to locate an existing [Operation Object](#operation-object) in the OpenAPI description. | -| operationId | `string` | The name of an _existing_, resolvable OAS operation, as defined with a unique `operationId`. This field is mutually exclusive of the `operationRef` field. | -| parameters | Map[`string`, Any \| [{expression}](#runtime-expressions)] | A map representing parameters to pass to an operation as specified with `operationId` or identified via `operationRef`. The key is the parameter name to be used (optionally qualified with the parameter location, e.g. `path.id` for an `id` parameter in the path), whereas the value can be a constant or an expression to be evaluated and passed to the linked operation. | -| requestBody | Any \| [{expression}](#runtime-expressions) | A literal value or [{expression}](#runtime-expressions) to use as a request body when calling the target operation. | -| description | `string` | A description of the link. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| server | [Server Object](#server-object) | A server object to be used by the target operation. | +| Field Name | Type | Description | +| ---- | :----: | ---- | +| operationRef | `string` | A relative or absolute URI reference to an OAS operation. This field is mutually exclusive of the `operationId` field, and MUST point to an [Operation Object](#operation-object). Relative `operationRef` values MAY be used to locate an existing [Operation Object](#operation-object) in the OpenAPI description. | +| operationId | `string` | The name of an _existing_, resolvable OAS operation, as defined with a unique `operationId`. This field is mutually exclusive of the `operationRef` field. | +| parameters | Map[`string`, Any \| [{expression}](#runtime-expressions)] | A map representing parameters to pass to an operation as specified with `operationId` or identified via `operationRef`. The key is the parameter name to be used (optionally qualified with the parameter location, e.g. `path.id` for an `id` parameter in the path), whereas the value can be a constant or an expression to be evaluated and passed to the linked operation. | +| requestBody | Any \| [{expression}](#runtime-expressions) | A literal value or [{expression}](#runtime-expressions) to use as a request body when calling the target operation. | +| description | `string` | A description of the link. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| server | [Server Object](#server-object) | A server object to be used by the target operation. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -2437,15 +2437,15 @@ The table below provides examples of runtime expressions and examples of their u ##### Examples -| Source Location | example expression | notes | -| --------------------- | :------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------- | -| HTTP Method | `$method` | The allowable values for the `$method` will be those for the HTTP operation. | -| Requested media type | `$request.header.accept` | | -| Request parameter | `$request.path.id` | Request parameters MUST be declared in the `parameters` section of the parent operation or they cannot be evaluated. This includes request headers. | -| Request body property | `$request.body#/user/uuid` | In operations which accept payloads, references may be made to portions of the `requestBody` or the entire body. | -| Request URL | `$url` | | -| Response value | `$response.body#/status` | In operations which return payloads, references may be made to portions of the response body or the entire body. | -| Response header | `$response.header.Server` | Single header values only are available | +| Source Location | example expression | notes | +| ---- | :---- | :---- | +| HTTP Method | `$method` | The allowable values for the `$method` will be those for the HTTP operation. | +| Requested media type | `$request.header.accept` | | +| Request parameter | `$request.path.id` | Request parameters MUST be declared in the `parameters` section of the parent operation or they cannot be evaluated. This includes request headers. | +| Request body property | `$request.body#/user/uuid` | In operations which accept payloads, references may be made to portions of the `requestBody` or the entire body. | +| Request URL | `$url` | | +| Response value | `$response.body#/status` | In operations which return payloads, references may be made to portions of the response body or the entire body. | +| Response header | `$response.header.Server` | Single header values only are available | Runtime expressions preserve the type of the referenced value. Expressions can be embedded into string values by surrounding the expression with `{}` curly braces. @@ -2466,11 +2466,11 @@ The Header Object follows the structure of the [Parameter Object](#parameter-obj These fields MAY be used with either `content` or `schema`. -| Field Name | Type | Description | -| -------------------------------------------- | :-------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| description | `string` | A brief description of the header. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| required | `boolean` | Determines whether this header is mandatory. The default value is `false`. | -| deprecated | `boolean` | Specifies that the header is deprecated and SHOULD be transitioned out of usage. Default value is `false`. | +| Field Name | Type | Description | +| ---- | :----: | ---- | +| description | `string` | A brief description of the header. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| required | `boolean` | Determines whether this header is mandatory. The default value is `false`. | +| deprecated | `boolean` | Specifies that the header is deprecated and SHOULD be transitioned out of usage. Default value is `false`. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -2484,13 +2484,13 @@ Serializing with `schema` is NOT RECOMMENDED for headers with parameters (name=v When `example` or `examples` are provided in conjunction with the `schema` field, the example SHOULD match the specified schema and follow the prescribed serialization strategy for the header. The `example` and `examples` fields are mutually exclusive, and if either is present it SHALL _override_ any `example` in the schema. -| Field Name | Type | Description | -| -------------------------------------- | :----------------------------------------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| style | `string` | Describes how the header value will be serialized. The default (and only legal value for headers) is `"simple"`. | -| explode | `boolean` | When this is true, header values of type `array` or `object` generate a single header whose value is a comma-separated list of the array items or key-value pairs of the map, see [Style Examples](#style-examples). For other data types this field has no effect. The default value is `false`. | -| schema | [Schema Object](#schema-object) \| [Reference Object](#reference-object) | The schema defining the type used for the header. | -| example | Any | Example of the header's potential value; see [Working With Examples](#working-with-examples). | -| examples | Map[ `string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | Examples of the header's potential value; see [Working With Examples](#working-with-examples). | +| Field Name | Type | Description | +| ---- | :----: | ---- | +| style | `string` | Describes how the header value will be serialized. The default (and only legal value for headers) is `"simple"`. | +| explode | `boolean` | When this is true, header values of type `array` or `object` generate a single header whose value is a comma-separated list of the array items or key-value pairs of the map, see [Style Examples](#style-examples). For other data types this field has no effect. The default value is `false`. | +| schema | [Schema Object](#schema-object) \| [Reference Object](#reference-object) | The schema defining the type used for the header. | +| example | Any | Example of the header's potential value; see [Working With Examples](#working-with-examples). | +| examples | Map[ `string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | Examples of the header's potential value; see [Working With Examples](#working-with-examples). | See also [Appendix C: Using RFC6570 Implementations](#appendix-c-using-rfc6570-implementations) for additional guidance. @@ -2499,8 +2499,8 @@ See also [Appendix C: Using RFC6570 Implementations](#appendix-c-using-rfc6570-i For more complex scenarios, the [`content`](#header-content) field can define the media type and schema of the header, as well as give examples of its use. Using `content` with a `text/plain` media type is RECOMMENDED for headers where the `schema` strategy is not appropriate. -| Field Name | Type | Description | -| ------------------------------------ | :----------------------------------------------------: | ----------------------------------------------------------------------------------------------------------------------------------------------- | +| Field Name | Type | Description | +| ---- | :----: | ---- | | content | Map[`string`, [Media Type Object](#media-type-object)] | A map containing the representations for the header. The key is the media type and the value describes it. The map MUST only contain one entry. | ##### Header Object Example @@ -2556,11 +2556,11 @@ It is not mandatory to have a Tag Object per tag defined in the Operation Object ##### Fixed Fields -| Field Name | Type | Description | -| -------------------------------------------- | :-------------------------------------------------------------: | ---------------------------------------------------------------------------------------------------------------------- | -| name | `string` | **REQUIRED**. The name of the tag. | -| description | `string` | A description for the tag. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this tag. | +| Field Name | Type | Description | +| ---- | :----: | ---- | +| name | `string` | **REQUIRED**. The name of the tag. | +| description | `string` | A description for the tag. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this tag. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -2588,8 +2588,8 @@ For this specification, reference resolution is accomplished as defined by the J ##### Fixed Fields -| Field Name | Type | Description | -| -------------------------------- | :------: | ----------------------------------- | +| Field Name | Type | Description | +| ---- | :----: | ---- | | $ref | `string` | **REQUIRED**. The reference string. | This object cannot be extended with additional properties, and any properties added SHALL be ignored. @@ -2682,16 +2682,16 @@ Other than the JSON Schema subset fields, the following fields MAY be used for f ##### Fixed Fields -| Field Name | Type | Description | -| ------------------------------------------------ | :-------------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| nullable | `boolean` | This keyword only takes effect if `type` is explicitly defined within the same Schema Object. A `true` value indicates that both `null` values and values of the type specified by `type` are allowed. Other Schema Object constraints retain their defined behavior, and therefore may disallow the use of `null` as a value. A `false` value leaves the specified or default `type` unmodified. The default value is `false`. | -| discriminator | [Discriminator Object](#discriminator-object) | Adds support for polymorphism. The discriminator is used to determine which of a set of schemas a payload is expected to satisfy. See [Composition and Inheritance](#composition-and-inheritance-polymorphism) for more details. | -| readOnly | `boolean` | Relevant only for Schema Object `properties` definitions. Declares the property as "read only". This means that it MAY be sent as part of a response but SHOULD NOT be sent as part of the request. If the property is marked as `readOnly` being `true` and is in the `required` list, the `required` will take effect on the response only. A property MUST NOT be marked as both `readOnly` and `writeOnly` being `true`. Default value is `false`. | -| writeOnly | `boolean` | Relevant only for Schema Object `properties` definitions. Declares the property as "write only". Therefore, it MAY be sent as part of a request but SHOULD NOT be sent as part of the response. If the property is marked as `writeOnly` being `true` and is in the `required` list, the `required` will take effect on the request only. A property MUST NOT be marked as both `readOnly` and `writeOnly` being `true`. Default value is `false`. | -| xml | [XML Object](#xml-object) | This MAY be used only on property schemas. It has no effect on root schemas. Adds additional metadata to describe the XML representation of this property. | -| externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this schema. | -| example | Any | A free-form field to include an example of an instance for this schema. To represent examples that cannot be naturally represented in JSON or YAML, a string value can be used to contain the example with escaping where necessary. | -| deprecated | `boolean` | Specifies that a schema is deprecated and SHOULD be transitioned out of usage. Default value is `false`. | +| Field Name | Type | Description | +| ---- | :----: | ---- | +| nullable | `boolean` | This keyword only takes effect if `type` is explicitly defined within the same Schema Object. A `true` value indicates that both `null` values and values of the type specified by `type` are allowed. Other Schema Object constraints retain their defined behavior, and therefore may disallow the use of `null` as a value. A `false` value leaves the specified or default `type` unmodified. The default value is `false`. | +| discriminator | [Discriminator Object](#discriminator-object) | Adds support for polymorphism. The discriminator is used to determine which of a set of schemas a payload is expected to satisfy. See [Composition and Inheritance](#composition-and-inheritance-polymorphism) for more details. | +| readOnly | `boolean` | Relevant only for Schema Object `properties` definitions. Declares the property as "read only". This means that it MAY be sent as part of a response but SHOULD NOT be sent as part of the request. If the property is marked as `readOnly` being `true` and is in the `required` list, the `required` will take effect on the response only. A property MUST NOT be marked as both `readOnly` and `writeOnly` being `true`. Default value is `false`. | +| writeOnly | `boolean` | Relevant only for Schema Object `properties` definitions. Declares the property as "write only". Therefore, it MAY be sent as part of a request but SHOULD NOT be sent as part of the response. If the property is marked as `writeOnly` being `true` and is in the `required` list, the `required` will take effect on the request only. A property MUST NOT be marked as both `readOnly` and `writeOnly` being `true`. Default value is `false`. | +| xml | [XML Object](#xml-object) | This MAY be used only on property schemas. It has no effect on root schemas. Adds additional metadata to describe the XML representation of this property. | +| externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this schema. | +| example | Any | A free-form field to include an example of an instance for this schema. To represent examples that cannot be naturally represented in JSON or YAML, a string value can be used to contain the example with escaping where necessary. | +| deprecated | `boolean` | Specifies that a schema is deprecated and SHOULD be transitioned out of usage. Default value is `false`. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -3031,10 +3031,10 @@ Note that `discriminator` MUST NOT change the validation outcome of the schema. ##### Fixed Fields -| Field Name | Type | Description | -| -------------------------------------------- | :---------------------: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| propertyName | `string` | **REQUIRED**. The name of the property in the payload that will hold the discriminating value. This property SHOULD be required in the payload schema, as the behavior when the property is absent is undefined. | -| mapping | Map[`string`, `string`] | An object to hold mappings between payload values and schema names or URI references. | +| Field Name | Type | Description | +| ---- | :----: | ---- | +| propertyName | `string` | **REQUIRED**. The name of the property in the payload that will hold the discriminating value. This property SHOULD be required in the payload schema, as the behavior when the property is absent is undefined. | +| mapping | Map[`string`, `string`] | An object to hold mappings between payload values and schema names or URI references. | ##### Conditions for Using the Discriminator Object @@ -3190,13 +3190,13 @@ See examples for expected behavior. ##### Fixed Fields -| Field Name | Type | Description | -| ------------------------------------- | :-------: | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| name | `string` | Replaces the name of the element/attribute used for the described schema property. When defined within `items`, it will affect the name of the individual XML elements within the list. When defined alongside `type` being `"array"` (outside the `items`), it will affect the wrapping element if and only if `wrapped` is `true`. If `wrapped` is `false`, it will be ignored. | -| namespace | `string` | The URI of the namespace definition. Value MUST be in the form of a non-relative URI. | -| prefix | `string` | The prefix to be used for the [name](#xml-name). | -| attribute | `boolean` | Declares whether the property definition translates to an attribute instead of an element. Default value is `false`. | -| wrapped | `boolean` | MAY be used only for an array definition. Signifies whether the array is wrapped (for example, ``) or unwrapped (``). Default value is `false`. The definition takes effect only when defined alongside `type` being `"array"` (outside the `items`). | +| Field Name | Type | Description | +| ---- | :----: | ---- | +| name | `string` | Replaces the name of the element/attribute used for the described schema property. When defined within `items`, it will affect the name of the individual XML elements within the list. When defined alongside `type` being `"array"` (outside the `items`), it will affect the wrapping element if and only if `wrapped` is `true`. If `wrapped` is `false`, it will be ignored. | +| namespace | `string` | The URI of the namespace definition. Value MUST be in the form of a non-relative URI. | +| prefix | `string` | The prefix to be used for the [name](#xml-name). | +| attribute | `boolean` | Declares whether the property definition translates to an attribute instead of an element. Default value is `false`. | +| wrapped | `boolean` | MAY be used only for an array definition. Signifies whether the array is wrapped (for example, ``) or unwrapped (``). Default value is `false`. The definition takes effect only when defined alongside `type` being `"array"` (outside the `items`). | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -3550,16 +3550,16 @@ Please note that as of 2020, the implicit flow is about to be deprecated by [OAu ##### Fixed Fields -| Field Name | Type | Applies To | Description | -| ------------------------------------------------------------------ | :---------------------------------------: | ------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| type | `string` | Any | **REQUIRED**. The type of the security scheme. Valid values are `"apiKey"`, `"http"`, `"oauth2"`, `"openIdConnect"`. | -| description | `string` | Any | A description for security scheme. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| name | `string` | `apiKey` | **REQUIRED**. The name of the header, query or cookie parameter to be used. | -| in | `string` | `apiKey` | **REQUIRED**. The location of the API key. Valid values are `"query"`, `"header"`, or `"cookie"`. | -| scheme | `string` | `http` | **REQUIRED**. The name of the HTTP Authentication scheme to be used in the [Authorization header as defined in RFC7235](https://tools.ietf.org/html/rfc7235#section-5.1). The values used SHOULD be registered in the [IANA Authentication Scheme registry](https://www.iana.org/assignments/http-authschemes/http-authschemes.xhtml). The value is case-insensitive, as defined in [RFC7235](https://datatracker.ietf.org/doc/html/rfc7235#section-2.1). | -| bearerFormat | `string` | `http` (`"bearer"`) | A hint to the client to identify how the bearer token is formatted. Bearer tokens are usually generated by an authorization server, so this information is primarily for documentation purposes. | -| flows | [OAuth Flows Object](#oauth-flows-object) | `oauth2` | **REQUIRED**. An object containing configuration information for the flow types supported. | -| openIdConnectUrl | `string` | `openIdConnect` | **REQUIRED**. [Well-known URL](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig) to discover the [[OpenID-Connect-Discovery]] [provider metadata](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata). | +| Field Name | Type | Applies To | Description | +| ---- | :----: | ---- | ---- | +| type | `string` | Any | **REQUIRED**. The type of the security scheme. Valid values are `"apiKey"`, `"http"`, `"oauth2"`, `"openIdConnect"`. | +| description | `string` | Any | A description for security scheme. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| name | `string` | `apiKey` | **REQUIRED**. The name of the header, query or cookie parameter to be used. | +| in | `string` | `apiKey` | **REQUIRED**. The location of the API key. Valid values are `"query"`, `"header"`, or `"cookie"`. | +| scheme | `string` | `http` | **REQUIRED**. The name of the HTTP Authentication scheme to be used in the [Authorization header as defined in RFC7235](https://tools.ietf.org/html/rfc7235#section-5.1). The values used SHOULD be registered in the [IANA Authentication Scheme registry](https://www.iana.org/assignments/http-authschemes/http-authschemes.xhtml). The value is case-insensitive, as defined in [RFC7235](https://datatracker.ietf.org/doc/html/rfc7235#section-2.1). | +| bearerFormat | `string` | `http` (`"bearer"`) | A hint to the client to identify how the bearer token is formatted. Bearer tokens are usually generated by an authorization server, so this information is primarily for documentation purposes. | +| flows | [OAuth Flows Object](#oauth-flows-object) | `oauth2` | **REQUIRED**. An object containing configuration information for the flow types supported. | +| openIdConnectUrl | `string` | `openIdConnect` | **REQUIRED**. [Well-known URL](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig) to discover the [[OpenID-Connect-Discovery]] [provider metadata](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata). | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -3644,12 +3644,12 @@ Allows configuration of the supported OAuth Flows. ##### Fixed Fields -| Field Name | Type | Description | -| -------------------------------------------------------------- | :-------------------------------------: | ---------------------------------------------------------------------------------------------------- | -| implicit | [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Implicit flow | -| password | [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Resource Owner Password flow | +| Field Name | Type | Description | +| ---- | :----: | ---- | +| implicit | [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Implicit flow | +| password | [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Resource Owner Password flow | | clientCredentials | [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Client Credentials flow. Previously called `application` in OpenAPI 2.0. | -| authorizationCode | [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Authorization Code flow. Previously called `accessCode` in OpenAPI 2.0. | +| authorizationCode | [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Authorization Code flow. Previously called `accessCode` in OpenAPI 2.0. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -3659,12 +3659,12 @@ Configuration details for a supported OAuth Flow ##### Fixed Fields -| Field Name | Type | Applies To | Description | -| ----------------------------------------------------------- | :---------------------: | --------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------- | -| authorizationUrl | `string` | `oauth2` (`"implicit"`, `"authorizationCode"`) | **REQUIRED**. The authorization URL to be used for this flow. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. | -| tokenUrl | `string` | `oauth2` (`"password"`, `"clientCredentials"`, `"authorizationCode"`) | **REQUIRED**. The token URL to be used for this flow. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. | -| refreshUrl | `string` | `oauth2` | The URL to be used for obtaining refresh tokens. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. | -| scopes | Map[`string`, `string`] | `oauth2` | **REQUIRED**. The available scopes for the OAuth2 security scheme. A map between the scope name and a short description for it. The map MAY be empty. | +| Field Name | Type | Applies To | Description | +| ---- | :----: | ---- | ---- | +| authorizationUrl | `string` | `oauth2` (`"implicit"`, `"authorizationCode"`) | **REQUIRED**. The authorization URL to be used for this flow. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. | +| tokenUrl | `string` | `oauth2` (`"password"`, `"clientCredentials"`, `"authorizationCode"`) | **REQUIRED**. The token URL to be used for this flow. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. | +| refreshUrl | `string` | `oauth2` | The URL to be used for obtaining refresh tokens. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. | +| scopes | Map[`string`, `string`] | `oauth2` | **REQUIRED**. The available scopes for the OAuth2 security scheme. A map between the scope name and a short description for it. The map MAY be empty. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -3721,8 +3721,8 @@ When a list of Security Requirement Objects is defined on the [OpenAPI Object](# ##### Patterned Fields -| Field Pattern | Type | Description | -| ----------------------------------------------- | :--------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Field Pattern | Type | Description | +| ---- | :----: | ---- | | {name} | [`string`] | Each name MUST correspond to a security scheme which is declared in the [Security Schemes](#security-scheme-object) under the [Components Object](#components-object). If the security scheme is of type `"oauth2"` or `"openIdConnect"`, then the value is a list of scope names required for the execution, and the list MAY be empty if authorization does not require a specified scope. For other security scheme types, the array MUST be empty. | ##### Security Requirement Object Examples @@ -3878,9 +3878,9 @@ While the OpenAPI Specification tries to accommodate most use cases, additional The extensions properties are implemented as patterned fields that are always prefixed by `x-`. -| Field Pattern | Type | Description | -| --------------------------------- | :--: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| ^x- | Any | Allows extensions to the OpenAPI Schema. The field name MUST begin with `x-`, for example, `x-internal-id`. The value can be any valid JSON value (`null`, a primitive, an array, or an object.) | +| Field Pattern | Type | Description | +| ---- | :--: | ---- | +| ^x- | Any | Allows extensions to the OpenAPI Schema. The field name MUST begin with `x-`, for example, `x-internal-id`. The value can be any valid JSON value (`null`, a primitive, an array, or an object.) | The OpenAPI Initiative maintains several [[OpenAPI-Registry|extension registries]], including registries for [individual extension keywords](https://spec.openapis.org/registry/extension/) and [extension keyword namespaces](https://spec.openapis.org/registry/namespace/). @@ -3930,21 +3930,21 @@ Certain fields allow the use of Markdown which can contain HTML including script ## Appendix A: Revision History -| Version | Date | Notes | -| --------- | ---------- | ------------------------------------------------- | -| 3.0.4 | TBD | Patch release of the OpenAPI Specification 3.0.4 | -| 3.0.3 | 2020-02-20 | Patch release of the OpenAPI Specification 3.0.3 | -| 3.0.2 | 2018-10-08 | Patch release of the OpenAPI Specification 3.0.2 | -| 3.0.1 | 2017-12-06 | Patch release of the OpenAPI Specification 3.0.1 | -| 3.0.0 | 2017-07-26 | Release of the OpenAPI Specification 3.0.0 | -| 3.0.0-rc2 | 2017-06-16 | rc2 of the 3.0 specification | -| 3.0.0-rc1 | 2017-04-27 | rc1 of the 3.0 specification | -| 3.0.0-rc0 | 2017-02-28 | Implementer's Draft of the 3.0 specification | -| 2.0 | 2015-12-31 | Donation of Swagger 2.0 to the OpenAPI Initiative | -| 2.0 | 2014-09-08 | Release of Swagger 2.0 | -| 1.2 | 2014-03-14 | Initial release of the formal document. | -| 1.1 | 2012-08-22 | Release of Swagger 1.1 | -| 1.0 | 2011-08-10 | First release of the Swagger Specification | +| Version | Date | Notes | +| ---- | ---- | ---- | +| 3.0.4 | TBD | Patch release of the OpenAPI Specification 3.0.4 | +| 3.0.3 | 2020-02-20 | Patch release of the OpenAPI Specification 3.0.3 | +| 3.0.2 | 2018-10-08 | Patch release of the OpenAPI Specification 3.0.2 | +| 3.0.1 | 2017-12-06 | Patch release of the OpenAPI Specification 3.0.1 | +| 3.0.0 | 2017-07-26 | Release of the OpenAPI Specification 3.0.0 | +| 3.0.0-rc2 | 2017-06-16 | rc2 of the 3.0 specification | +| 3.0.0-rc1 | 2017-04-27 | rc1 of the 3.0 specification | +| 3.0.0-rc0 | 2017-02-28 | Implementer's Draft of the 3.0 specification | +| 2.0 | 2015-12-31 | Donation of Swagger 2.0 to the OpenAPI Initiative | +| 2.0 | 2014-09-08 | Release of Swagger 2.0 | +| 1.2 | 2014-03-14 | Initial release of the formal document. | +| 1.1 | 2012-08-22 | Release of Swagger 1.1 | +| 1.0 | 2011-08-10 | First release of the Swagger Specification | ## Appendix B: Data Type Conversion @@ -3978,10 +3978,10 @@ Requiring input as pre-formatted, schema-validated strings also improves round-t Serialization is defined in terms of [RFC6570](https://www.rfc-editor.org/rfc/rfc6570) URI Templates in two scenarios: -| Object | Condition | -| ------------------------------------- | ---------------------------------------------------------------------------------------------------------------- | -| [Parameter Object](#parameter-object) | When `schema` is present | -| [Encoding Object](#encoding-object) | When encoding for `application/x-www-form-urlencoded` and any of `style`, `explode`, or `allowReserved` are used | +| Object | Condition | +| ---- | ---- | +| [Parameter Object](#parameter-object) | When `schema` is present | +| [Encoding Object](#encoding-object) | When encoding for `application/x-www-form-urlencoded` and any of `style`, `explode`, or `allowReserved` are used | Implementations of this specification MAY use an implementation of RFC6570 to perform variable expansion, however, some caveats apply. @@ -3994,16 +3994,16 @@ Using an implementation with a lower level of support will require additional ma Certain field values translate to RFC6570 [operators](https://datatracker.ietf.org/doc/html/rfc6570#section-2.2) (or lack thereof): -| field | value | equivalent | -| ------------- | ---------- | ------------------- | -| style | `"simple"` | _n/a_ | -| style | `"matrix"` | `;` prefix operator | -| style | `"label"` | `.` prefix operator | -| style | `"form"` | `?` prefix operator | -| allowReserved | `false` | _n/a_ | -| allowReserved | `true` | `+` prefix operator | -| explode | `false` | _n/a_ | -| explode | `true` | `*` modifier suffix | +| field | value | equivalent | +| ---- | ---- | ---- | +| style | `"simple"` | _n/a_ | +| style | `"matrix"` | `;` prefix operator | +| style | `"label"` | `.` prefix operator | +| style | `"form"` | `?` prefix operator | +| allowReserved | `false` | _n/a_ | +| allowReserved | `true` | `+` prefix operator | +| explode | `false` | _n/a_ | +| explode | `true` | `*` modifier suffix | Multiple `style: "form"` parameters are equivalent to a single RFC6570 [variable list](https://www.rfc-editor.org/rfc/rfc6570#section-2.2) using the `?` prefix operator: @@ -4274,11 +4274,11 @@ Unfortunately, these specifications each define slightly different percent-encod This specification normatively cites the following relevant standards: -| Specification | Date | OAS Usage | Percent-Encoding | Notes | -| ---------------------------------------------------------------------- | ------- | --------------------------- | ---------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| [RFC3986](https://www.rfc-editor.org/rfc/rfc3986) | 01/2005 | URI/URL syntax | [[RFC3986]] | obsoletes [[RFC1738]], [[RFC2396]] | -| [RFC6570](https://www.rfc-editor.org/rfc/rfc6570) | 03/2012 | style-based serialization | [[RFC3986]] | does not use `+` for form‑urlencoded | -| [RFC1866](https://datatracker.ietf.org/doc/html/rfc1866#section-8.2.1) | 11/1995 | content-based serialization | [[RFC1738]] | obsoleted by [[HTML401]] [Section 17.13.4.1](https://www.w3.org/TR/html401/interact/forms.html#h-17.13.4.1), [[URL]] [Section 5](https://url.spec.whatwg.org/#urlencoded-serializing) | +| Specification | Date | OAS Usage | Percent-Encoding | Notes | +| ---- | ---- | ---- | ---- | ---- | +| [RFC3986](https://www.rfc-editor.org/rfc/rfc3986) | 01/2005 | URI/URL syntax | [[RFC3986]] | obsoletes [[RFC1738]], [[RFC2396]] | +| [RFC6570](https://www.rfc-editor.org/rfc/rfc6570) | 03/2012 | style-based serialization | [[RFC3986]] | does not use `+` for form‑urlencoded | +| [RFC1866](https://datatracker.ietf.org/doc/html/rfc1866#section-8.2.1) | 11/1995 | content-based serialization | [[RFC1738]] | obsoleted by [[HTML401]] [Section 17.13.4.1](https://www.w3.org/TR/html401/interact/forms.html#h-17.13.4.1), [[URL]] [Section 5](https://url.spec.whatwg.org/#urlencoded-serializing) | Style-based serialization is used in the [Parameter Object](#parameter-object) when `schema` is present, and in the [Encoding Object](#encoding-object) when at least one of `style`, `explode`, or `allowReserved` is present. See [Appendix C](#appendix-c-using-rfc6570-implementations) for more details of RFC6570's two different approaches to percent-encoding, including an example involving `+`. From 55e87c33c143c2467722885bab74b72a3693d9a0 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Mon, 26 Aug 2024 09:32:33 -0700 Subject: [PATCH 214/251] "Object" def, "with" in titles, fix level Define capital-O "Object" to make it clear why it is only occasionally capitalized. Use lowercase "with" in titles consistently (it was more common than capitalized "With". This is one of those rules that is different depending on whose style guide you use- about half the major guides say always lowercase, the other say always captial. We were using lowercase more often. Also, fix "Working with Examples" to be a subsection of the Example Object as otherwise it breaks the pattern of all of the headings of its level being Object definitions. I remember messing with this a lot when I first posted that PR and either I just missed this or I had some reason I have now forgotten to do it this way. --- versions/3.0.4.md | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 9878a77fef..39dd254065 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -28,6 +28,10 @@ A "schema" is a formal description of syntax and structure. This document serves as the [schema](#schema) for the OpenAPI Specification format; a non-authoritative JSON Schema based on this document is also provided on [spec.openapis.org](https://spec.openapis.org) for informational purposes. This specification also _uses_ schemas in the form of the [Schema Object](#schema-object). +### Object + +When capitalized, the word "Object" refers to any of the Objects that are named by section headings in this document. + ### Path Templating Path templating refers to the usage of template expressions, delimited by curly braces (`{}`), to mark a section of a URL path as replaceable using path parameters. @@ -199,7 +203,7 @@ The formats defined by the OAS are: | `string` | `date-time` | As defined by `date-time` - [RFC3339](https://www.rfc-editor.org/rfc/rfc3339#section-5.6) | | `string` | `password` | A hint to obscure the value. | -#### Working With Binary Data +#### Working with Binary Data Two formats, `binary` and `byte`, describe different ways to work with binary data: @@ -2125,7 +2129,7 @@ This object MAY be extended with [Specification Extensions](#specification-exten In all cases, the example value SHOULD be compatible with the schema of its associated value. Tooling implementations MAY choose to validate compatibility automatically, and reject the example value(s) if incompatible. -#### Working With Examples +##### Working with Examples Example Objects can be used in both [Parameter Objects](#parameter-object) and [Media Type Objects](#media-type-object). In both objects, this is done through the `examples` (plural) field. @@ -2618,7 +2622,7 @@ $ref: '#/components/schemas/Pet' $ref: Pet.yaml ``` -##### Relative Documents With Embedded Schema Example +##### Relative Documents with Embedded Schema Example ```json { @@ -4087,7 +4091,7 @@ when expanded with the data given earlier, we get: ?a=x%2By&b=x%2Fy&c=x%5Ey&words=math,is,fun ``` -#### Expansion With Non-RFC6570-Supported Options +#### Expansion with Non-RFC6570-Supported Options But now let's say that (for some reason), we really want that `/` in the `b` formula to show up as-is in the query string, and we want our words to be space-separated like in a written phrase. To do that, we'll add `allowReserved: true` to `formulas`, and change to `style: "spaceDelimited"` for `words`: From 4a8c4cac2131cc51d11bd74e96983df8a9368902 Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Tue, 27 Aug 2024 10:24:18 +0200 Subject: [PATCH 215/251] bash script for markdown formatting --- package.json | 2 +- scripts/format-markdown.sh | 13 +++++++++++++ 2 files changed, 14 insertions(+), 1 deletion(-) create mode 100644 scripts/format-markdown.sh diff --git a/package.json b/package.json index 34b87570b3..5ae2cba9bc 100644 --- a/package.json +++ b/package.json @@ -27,6 +27,6 @@ "API" ], "scripts": { - "format-markdown": "npx prettier --write --single-quote versions/3.0.4.md && sed -i '' -E -e 's/ +\\|/ |/g' -e 's/\\| +/| /g' -e 's/-----+/----/g' versions/3.0.4.md && npx --yes markdownlint-cli --fix --config .markdownlint.yaml versions/3.0.4.md" + "format-markdown": "bash ./scripts/format-markdown.sh ./versions/3.0.4.md" } } diff --git a/scripts/format-markdown.sh b/scripts/format-markdown.sh new file mode 100644 index 0000000000..b592a6b073 --- /dev/null +++ b/scripts/format-markdown.sh @@ -0,0 +1,13 @@ +#!/bin/bash + +for filename in $*; do + # mostly to format code blocks with examples, unfortunately messes up bullet lists and tables + npx prettier --write --single-quote $filename + + # repair the tables: remove superfluos spaces and dashes that make diffing revisions harder + # and sed -i is not portable, so we need to use a temporary file + sed -E -e "s/ +\|/ |/g" -e "s/\| +/| /g" -e "s/-----+/----/g" $filename > $filename.tmp && mv $filename.tmp $filename + + # repair the bullet lists and various other markdown formatting issues + npx --yes markdownlint-cli --fix --config .markdownlint.yaml $filename +done From 59decdf15740758ad80dbcb4c4a5afd3f4834be3 Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Tue, 27 Aug 2024 15:24:13 +0200 Subject: [PATCH 216/251] Update format-markdown.sh --- scripts/format-markdown.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scripts/format-markdown.sh b/scripts/format-markdown.sh index b592a6b073..c04b971945 100644 --- a/scripts/format-markdown.sh +++ b/scripts/format-markdown.sh @@ -1,5 +1,7 @@ #!/bin/bash +SRCDIR="$(dirname "${BASH_SOURCE[0]}")" # check on Windows + for filename in $*; do # mostly to format code blocks with examples, unfortunately messes up bullet lists and tables npx prettier --write --single-quote $filename @@ -9,5 +11,5 @@ for filename in $*; do sed -E -e "s/ +\|/ |/g" -e "s/\| +/| /g" -e "s/-----+/----/g" $filename > $filename.tmp && mv $filename.tmp $filename # repair the bullet lists and various other markdown formatting issues - npx --yes markdownlint-cli --fix --config .markdownlint.yaml $filename + npx --yes markdownlint-cli --fix --config $SRCDIR/../.markdownlint.yaml $filename done From adadd5606a3dcb36bcca191bc5d2c7bbf1a7f448 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Tue, 27 Aug 2024 15:54:48 -0700 Subject: [PATCH 217/251] Port format / integer changes from 3.1.1 This is a slightly different change due to the different JSON Schema draft being referenced. Most notably, the older draft has a section on type applicability, so there is an extra link here that is not present in 3.1.1. Co-authored-by: Mike Kistler --- versions/3.0.4.md | 47 ++++++++++++++++++++++++++--------------------- 1 file changed, 26 insertions(+), 21 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 39dd254065..9718082a50 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -176,32 +176,37 @@ Note that no aspect of implicit connection resolution changes how [URLs are reso ### Data Types -Data types in the OAS are based on the types supported by the [JSON Schema Specification Wright Draft 00](https://tools.ietf.org/html/draft-wright-json-schema-00#section-4.2). -Note that `integer` as a type is also supported and is defined as a JSON number without a fraction or exponent part. -`null` is not supported as a type (see [`nullable`](#schema-nullable) for an alternative solution). -Models are defined using the [Schema Object](#schema-object), which is an extended subset of JSON Schema Specification Wright Draft 00. +Data types in the OAS are based on the non-`null` types supported by the [JSON Schema Validation Specification Draft Wright-00](https://datatracker.ietf.org/doc/html/draft-wright-json-schema-validation-00#autoid-32): +"boolean", "object", "array", "number", "string", or "integer". +See [`nullable`](#schema-nullable) for an alternative solution to "null" as a type. +Models are defined using the [Schema Object](#schema-object), which is an extended subset of JSON Schema Specification Draft Wright-00. -Data types can have an optional modifier keyword: `format`. -OAS uses several known formats to define in fine detail the data type being used. -However, to support documentation needs, the `format` keyword is open `string`-valued and can have any value. -Formats such as `"email"`, `"uuid"`, and so on, MAY be used even though they are not defined by this specification. -The OpenAPI Initiative also hosts a [Format Registry](https://spec.openapis.org/registry/format/) for formats defined by OAS users and other specifications. Support for any registered format is strictly OPTIONAL, and support for one registered format does not imply support for any others. +JSON Schema keywords and `format` values operate on JSON "instances" which may be one of the six JSON data types, "null", "boolean", "object", "array", "number", or "string", with certain keywords and formats [only applying to a specific type](https://datatracker.ietf.org/doc/html/draft-wright-json-schema-validation-00#section-4.1). For example, the `pattern` keyword and the `date-time` format only apply to strings, and treat any instance of the other five types as _automatically valid._ This means JSON Schema keywords and formats do **NOT** implicitly require the expected type. Use the `type` keyword to explicitly constrain the type. -Types that are not accompanied by a `format` keyword follow the type definition in the JSON Schema. Tools that do not recognize a specific `format` MAY default back to the `type` alone, as if the `format` is not specified. +Note that the `type` keyword allows `"integer"` as a value for convenience, but keyword and format applicability does not recognize integers as being of a distinct JSON type from other numbers because [[RFC7159|JSON]] itself does not make that distinction. Since there is no distinct JSON integer type, JSON Schema defines integers mathematically. This means that both `1` and `1.0` are [equivalent](https://datatracker.ietf.org/doc/html/draft-bhutton-json-schema-00#section-4.2.2), and are both considered to be integers. + +#### Data Type Format + +As defined by the [JSON Schema Validation specification](https://datatracker.ietf.org/doc/html/draft-wright-json-schema-validation-00#section-7.3), data types can have an optional modifier keyword: `format`. As described in that specification, `format` is treated as a non-validating annotation by default; the ability to validate `format` varies across implementations. + +The OpenAPI Initiative also hosts a [Format Registry](https://spec.openapis.org/registry/format/) for formats defined by OAS users and other specifications. Support for any registered format is strictly OPTIONAL, and support for one registered format does not imply support for any others. + +Types that are not accompanied by a `format` keyword follow the type definition in the JSON Schema. Tools that do not recognize a specific `format` MAY default back to the `type` alone, as if the `format` is not specified. +For the purpose of [JSON Schema validation](https://datatracker.ietf.org/doc/html/draft-wright-json-schema-validation-00#section-7.1), each format should specify the set of JSON data types for which it applies. In this registry, these types are shown in the "JSON Data Type" column. The formats defined by the OAS are: -| [`type`](#data-types) | [`format`](#data-type-format) | Comments | -| -------------------- | --------------------------- | ----------------------------------------------------------------------------------------- | -| `integer` | `int32` | signed 32 bits | -| `integer` | `int64` | signed 64 bits (a.k.a long) | -| `number` | `float` | | -| `number` | `double` | | -| `string` | `byte` | base64 encoded characters - [RFC4648](https://www.rfc-editor.org/rfc/rfc4648#section-4) | -| `string` | `binary` | any sequence of octets | -| `string` | `date` | As defined by `full-date` - [RFC3339](https://www.rfc-editor.org/rfc/rfc3339#section-5.6) | -| `string` | `date-time` | As defined by `date-time` - [RFC3339](https://www.rfc-editor.org/rfc/rfc3339#section-5.6) | -| `string` | `password` | A hint to obscure the value. | +| `format` | JSON Data Type | Comments | +| ----------- | -------------- | ---------------------------- | +| `int32` | number | signed 32 bits | +| `int64` | number | signed 64 bits (a.k.a long) | +| `float` | number | | +| `double` | number | | +| `byte` | string | base64 encoded characters - [RFC4648](https://www.rfc-editor.org/rfc/rfc4648#section-4) | +| `binary` | string | any sequence of octets | +| `date` | string | As defined by `full-date` - [RFC3339](https://www.rfc-editor.org/rfc/rfc3339#section-5.6) | +| `date-time` | string | As defined by `date-time` - [RFC3339](https://www.rfc-editor.org/rfc/rfc3339#section-5.6) | +| `password` | string | A hint to obscure the value. | #### Working with Binary Data From 2db3a4a8722112b277562b852c988b44cec86803 Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Wed, 28 Aug 2024 09:54:12 +0200 Subject: [PATCH 218/251] Use same reference style as #4053 --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 9718082a50..2ceb225408 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -2643,7 +2643,7 @@ $ref: definitions.yaml#/Pet The Schema Object allows the definition of input and output data types. These types can be objects, but also primitives and arrays. -This object is an extended subset of the [JSON Schema Specification Wright Draft 00](https://json-schema.org/). +This object is an extended subset of the [JSON Schema Specification Draft Wright-00](https://json-schema.org/). For more information about the keywords, see [JSON Schema Core](https://tools.ietf.org/html/draft-wright-json-schema-00) and [JSON Schema Validation](https://tools.ietf.org/html/draft-wright-json-schema-validation-00). Unless stated otherwise, the keyword definitions follow those of JSON Schema and do not add any additional semantics. From a35b4e9d38296a51b82104252247aa8d885a6f16 Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Wed, 28 Aug 2024 13:24:30 +0200 Subject: [PATCH 219/251] Update 3.0.4.md --- versions/3.0.4.md | 630 +++++++++++++++++++++++----------------------- 1 file changed, 315 insertions(+), 315 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 9718082a50..25f1f351ee 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -143,12 +143,12 @@ Several features of this specification require resolution of non-URI-based conne These connections are unambiguously resolved in single-document OADs, but the resolution process in multi-document OADs is _implementation-defined_, within the constraints described in this section. In some cases, an unambiguous URI-based alternative is available, and OAD authors are RECOMMENDED to always use the alternative: -| Source | Target | Alternative | -| -------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | --------------------------------- | -| [Security Requirement Object](#security-requirement-object) `{name}` | [Security Scheme Object](#security-scheme-object) name under the [Components Object](#components-object) | _n/a_ | -| [Discriminator Object](#discriminator-object) `mapping` _(implicit, or explicit name syntax)_ | [Schema Object](#schema-object) name under the Components Object | `mapping` _(explicit URI syntax)_ | -| [Operation Object](#operation-object) `tags` | [Tag Object](#tag-object) `name` (in the [OpenAPI Object](#openapi-object)'s `tags` array) | _n/a_ | -| [Link Object](#link-object) `operationId` | [Path Item Object](#path-item-object) `operationId` | `operationRef` | +| Source | Target | Alternative | +| ---- | ---- | ---- | +| [Security Requirement Object](#security-requirement-object) `{name}` | [Security Scheme Object](#security-scheme-object) name under the [Components Object](#components-object) | _n/a_ | +| [Discriminator Object](#discriminator-object) `mapping` _(implicit, or explicit name syntax)_ | [Schema Object](#schema-object) name under the Components Object | `mapping` _(explicit URI syntax)_ | +| [Operation Object](#operation-object) `tags` | [Tag Object](#tag-object) `name` (in the [OpenAPI Object](#openapi-object)'s `tags` array) | _n/a_ | +| [Link Object](#link-object) `operationId` | [Path Item Object](#path-item-object) `operationId` | `operationRef` | A fifth implicit connection involves appending the templated URL paths of the [Paths Object](#paths-object) to the appropriate [Server Object](#server-object)'s `url` field. This is unambiguous because only the entry document's Paths Object contributes URLs to the described API. @@ -181,32 +181,32 @@ Data types in the OAS are based on the non-`null` types supported by the [JSON S See [`nullable`](#schema-nullable) for an alternative solution to "null" as a type. Models are defined using the [Schema Object](#schema-object), which is an extended subset of JSON Schema Specification Draft Wright-00. -JSON Schema keywords and `format` values operate on JSON "instances" which may be one of the six JSON data types, "null", "boolean", "object", "array", "number", or "string", with certain keywords and formats [only applying to a specific type](https://datatracker.ietf.org/doc/html/draft-wright-json-schema-validation-00#section-4.1). For example, the `pattern` keyword and the `date-time` format only apply to strings, and treat any instance of the other five types as _automatically valid._ This means JSON Schema keywords and formats do **NOT** implicitly require the expected type. Use the `type` keyword to explicitly constrain the type. +JSON Schema keywords and `format` values operate on JSON "instances" which may be one of the six JSON data types, "null", "boolean", "object", "array", "number", or "string", with certain keywords and formats [only applying to a specific type](https://datatracker.ietf.org/doc/html/draft-wright-json-schema-validation-00#section-4.1). For example, the `pattern` keyword and the `date-time` format only apply to strings, and treat any instance of the other five types as _automatically valid._ This means JSON Schema keywords and formats do **NOT** implicitly require the expected type. Use the `type` keyword to explicitly constrain the type. -Note that the `type` keyword allows `"integer"` as a value for convenience, but keyword and format applicability does not recognize integers as being of a distinct JSON type from other numbers because [[RFC7159|JSON]] itself does not make that distinction. Since there is no distinct JSON integer type, JSON Schema defines integers mathematically. This means that both `1` and `1.0` are [equivalent](https://datatracker.ietf.org/doc/html/draft-bhutton-json-schema-00#section-4.2.2), and are both considered to be integers. +Note that the `type` keyword allows `"integer"` as a value for convenience, but keyword and format applicability does not recognize integers as being of a distinct JSON type from other numbers because [[RFC7159|JSON]] itself does not make that distinction. Since there is no distinct JSON integer type, JSON Schema defines integers mathematically. This means that both `1` and `1.0` are [equivalent](https://datatracker.ietf.org/doc/html/draft-bhutton-json-schema-00#section-4.2.2), and are both considered to be integers. #### Data Type Format As defined by the [JSON Schema Validation specification](https://datatracker.ietf.org/doc/html/draft-wright-json-schema-validation-00#section-7.3), data types can have an optional modifier keyword: `format`. As described in that specification, `format` is treated as a non-validating annotation by default; the ability to validate `format` varies across implementations. -The OpenAPI Initiative also hosts a [Format Registry](https://spec.openapis.org/registry/format/) for formats defined by OAS users and other specifications. Support for any registered format is strictly OPTIONAL, and support for one registered format does not imply support for any others. +The OpenAPI Initiative also hosts a [Format Registry](https://spec.openapis.org/registry/format/) for formats defined by OAS users and other specifications. Support for any registered format is strictly OPTIONAL, and support for one registered format does not imply support for any others. -Types that are not accompanied by a `format` keyword follow the type definition in the JSON Schema. Tools that do not recognize a specific `format` MAY default back to the `type` alone, as if the `format` is not specified. +Types that are not accompanied by a `format` keyword follow the type definition in the JSON Schema. Tools that do not recognize a specific `format` MAY default back to the `type` alone, as if the `format` is not specified. For the purpose of [JSON Schema validation](https://datatracker.ietf.org/doc/html/draft-wright-json-schema-validation-00#section-7.1), each format should specify the set of JSON data types for which it applies. In this registry, these types are shown in the "JSON Data Type" column. The formats defined by the OAS are: -| `format` | JSON Data Type | Comments | -| ----------- | -------------- | ---------------------------- | -| `int32` | number | signed 32 bits | -| `int64` | number | signed 64 bits (a.k.a long) | -| `float` | number | | -| `double` | number | | -| `byte` | string | base64 encoded characters - [RFC4648](https://www.rfc-editor.org/rfc/rfc4648#section-4) | -| `binary` | string | any sequence of octets | -| `date` | string | As defined by `full-date` - [RFC3339](https://www.rfc-editor.org/rfc/rfc3339#section-5.6) | -| `date-time` | string | As defined by `date-time` - [RFC3339](https://www.rfc-editor.org/rfc/rfc3339#section-5.6) | -| `password` | string | A hint to obscure the value. | +| `format` | JSON Data Type | Comments | +| ---- | ---- | ---- | +| `int32` | number | signed 32 bits | +| `int64` | number | signed 64 bits (a.k.a long) | +| `float` | number | | +| `double` | number | | +| `byte` | string | base64 encoded characters - [RFC4648](https://www.rfc-editor.org/rfc/rfc4648#section-4) | +| `binary` | string | any sequence of octets | +| `date` | string | As defined by `full-date` - [RFC3339](https://www.rfc-editor.org/rfc/rfc3339#section-5.6) | +| `date-time` | string | As defined by `date-time` - [RFC3339](https://www.rfc-editor.org/rfc/rfc3339#section-5.6) | +| `password` | string | A hint to obscure the value. | #### Working with Binary Data @@ -251,16 +251,16 @@ This is the root object of the [OpenAPI document](#openapi-description). ##### Fixed Fields -| Field Name | Type | Description | -| ------------------------------------------ | :-----------------------------------------------------------: | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| openapi | `string` | **REQUIRED**. This string MUST be the [version number](#versions) of the OpenAPI Specification that the OpenAPI document uses. The `openapi` field SHOULD be used by tooling to interpret the OpenAPI document. This is _not_ related to the API [`info.version`](#info-version) string. | -| info | [Info Object](#info-object) | **REQUIRED**. Provides metadata about the API. The metadata MAY be used by tooling as required. | -| servers | [[Server Object](#server-object)] | An array of Server Objects, which provide connectivity information to a target server. If the `servers` field is not provided, or is an empty array, the default value would be a [Server Object](#server-object) with a [url](#server-url) value of `/`. | -| paths | [Paths Object](#paths-object) | **REQUIRED**. The available paths and operations for the API. | -| components | [Components Object](#components-object) | An element to hold various schemas for the document. | -| security | [[Security Requirement Object](#security-requirement-object)] | A declaration of which security mechanisms can be used across the API. The list of values includes alternative Security Requirement Objects that can be used. Only one of the Security Requirement Objects need to be satisfied to authorize a request. Individual operations can override this definition. To make security optional, an empty security requirement (`{}`) can be included in the array. | -| tags | [[Tag Object](#tag-object)] | A list of tags used by the document with additional metadata. The order of the tags can be used to reflect on their order by the parsing tools. Not all tags that are used by the [Operation Object](#operation-object) must be declared. The tags that are not declared MAY be organized randomly or based on the tools' logic. Each tag name in the list MUST be unique. | -| externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation. | +| Field Name | Type | Description | +| ---- | :----: | ---- | +| openapi | `string` | **REQUIRED**. This string MUST be the [version number](#versions) of the OpenAPI Specification that the OpenAPI document uses. The `openapi` field SHOULD be used by tooling to interpret the OpenAPI document. This is _not_ related to the API [`info.version`](#info-version) string. | +| info | [Info Object](#info-object) | **REQUIRED**. Provides metadata about the API. The metadata MAY be used by tooling as required. | +| servers | [[Server Object](#server-object)] | An array of Server Objects, which provide connectivity information to a target server. If the `servers` field is not provided, or is an empty array, the default value would be a [Server Object](#server-object) with a [url](#server-url) value of `/`. | +| paths | [Paths Object](#paths-object) | **REQUIRED**. The available paths and operations for the API. | +| components | [Components Object](#components-object) | An element to hold various schemas for the document. | +| security | [[Security Requirement Object](#security-requirement-object)] | A declaration of which security mechanisms can be used across the API. The list of values includes alternative Security Requirement Objects that can be used. Only one of the Security Requirement Objects need to be satisfied to authorize a request. Individual operations can override this definition. To make security optional, an empty security requirement (`{}`) can be included in the array. | +| tags | [[Tag Object](#tag-object)] | A list of tags used by the document with additional metadata. The order of the tags can be used to reflect on their order by the parsing tools. Not all tags that are used by the [Operation Object](#operation-object) must be declared. The tags that are not declared MAY be organized randomly or based on the tools' logic. Each tag name in the list MUST be unique. | +| externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -271,14 +271,14 @@ The metadata MAY be used by the clients if needed, and MAY be presented in editi ##### Fixed Fields -| Field Name | Type | Description | -| ----------------------------------------------- | :------------------------------: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| title | `string` | **REQUIRED**. The title of the API. | -| description | `string` | A description of the API. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| termsOfService | `string` | A URL for the Terms of Service for the API. This MUST be in the form of a URL. | -| contact | [Contact Object](#contact-object) | The contact information for the exposed API. | -| license | [License Object](#license-object) | The license information for the exposed API. | -| version | `string` | **REQUIRED**. The version of the OpenAPI document (which is distinct from the [OpenAPI Specification version](#oas-version) or the version of the API being described). | +| Field Name | Type | Description | +| ---- | :----: | ---- | +| title | `string` | **REQUIRED**. The title of the API. | +| description | `string` | A description of the API. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| termsOfService | `string` | A URL for the Terms of Service for the API. This MUST be in the form of a URL. | +| contact | [Contact Object](#contact-object) | The contact information for the exposed API. | +| license | [License Object](#license-object) | The license information for the exposed API. | +| version | `string` | **REQUIRED**. The version of the OpenAPI document (which is distinct from the [OpenAPI Specification version](#oas-version) or the version of the API being described). | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -322,10 +322,10 @@ Contact information for the exposed API. ##### Fixed Fields -| Field Name | Type | Description | -| -------------------------------- | :------: | --------------------------------------------------------------------------------------------------- | -| name | `string` | The identifying name of the contact person/organization. | -| url | `string` | The URL for the contact information. This MUST be in the form of a URL. | +| Field Name | Type | Description | +| ---- | :----: | ---- | +| name | `string` | The identifying name of the contact person/organization. | +| url | `string` | The URL for the contact information. This MUST be in the form of a URL. | | email | `string` | The email address of the contact person/organization. This MUST be in the form of an email address. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -352,10 +352,10 @@ License information for the exposed API. ##### Fixed Fields -| Field Name | Type | Description | -| ------------------------------ | :------: | -------------------------------------------------------------------------- | -| name | `string` | **REQUIRED**. The license name used for the API. | -| url | `string` | A URL for the license used for the API. This MUST be in the form of a URL. | +| Field Name | Type | Description | +| ---- | :----: | ---- | +| name | `string` | **REQUIRED**. The license name used for the API. | +| url | `string` | A URL for the license used for the API. This MUST be in the form of a URL. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -379,11 +379,11 @@ An object representing a Server. ##### Fixed Fields -| Field Name | Type | Description | -| ------------------------------------------- | :------------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| url | `string` | **REQUIRED**. A URL to the target host. This URL supports Server Variables and MAY be relative, to indicate that the host location is relative to the location where the OpenAPI document is being served. Variable substitutions will be made when a variable is named in `{`braces`}`. | -| description | `string` | An optional string describing the host designated by the URL. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| variables | Map[`string`, [Server Variable Object](#server-variable-object)] | A map between a variable name and its value. The value is used for substitution in the server's URL template. | +| Field Name | Type | Description | +| ---- | :----: | ---- | +| url | `string` | **REQUIRED**. A URL to the target host. This URL supports Server Variables and MAY be relative, to indicate that the host location is relative to the location where the OpenAPI document is being served. Variable substitutions will be made when a variable is named in `{`braces`}`. | +| description | `string` | An optional string describing the host designated by the URL. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| variables | Map[`string`, [Server Variable Object](#server-variable-object)] | A map between a variable name and its value. The value is used for substitution in the server's URL template. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -485,11 +485,11 @@ An object representing a Server Variable for server URL template substitution. ##### Fixed Fields -| Field Name | Type | Description | -| --------------------------------------------------- | :--------: | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| enum | [`string`] | An enumeration of string values to be used if the substitution options are from a limited set. The array SHOULD NOT be empty. | -| default | `string` | **REQUIRED**. The default value to use for substitution, which SHALL be sent if an alternate value is _not_ supplied. Note this behavior is different than the [Schema Object's](#schema-object) treatment of default values, because in those cases parameter values are optional. If the [`enum`](#server-variable-enum) is defined, the value SHOULD exist in the enum's values. | -| description | `string` | An optional description for the server variable. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| Field Name | Type | Description | +| ---- | :----: | ---- | +| enum | [`string`] | An enumeration of string values to be used if the substitution options are from a limited set. The array SHOULD NOT be empty. | +| default | `string` | **REQUIRED**. The default value to use for substitution, which SHALL be sent if an alternate value is _not_ supplied. Note this behavior is different than the [Schema Object's](#schema-object) treatment of default values, because in those cases parameter values are optional. If the [`enum`](#server-variable-enum) is defined, the value SHOULD exist in the enum's values. | +| description | `string` | An optional description for the server variable. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -500,17 +500,17 @@ All objects defined within the Components Object will have no effect on the API ##### Fixed Fields -| Field Name | Type | Description | -| -------------------------------------------------------- | :----------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------- | -| schemas | Map[`string`, [Schema Object](#schema-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Schema Objects](#schema-object). | -| responses | Map[`string`, [Response Object](#response-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Response Objects](#response-object). | -| parameters | Map[`string`, [Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Parameter Objects](#parameter-object). | -| examples | Map[`string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Example Objects](#example-object). | -| requestBodies | Map[`string`, [Request Body Object](#request-body-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Request Body Objects](#request-body-object). | -| headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Header Objects](#header-object). | +| Field Name | Type | Description | +| ---- | :---- | ---- | +| schemas | Map[`string`, [Schema Object](#schema-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Schema Objects](#schema-object). | +| responses | Map[`string`, [Response Object](#response-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Response Objects](#response-object). | +| parameters | Map[`string`, [Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Parameter Objects](#parameter-object). | +| examples | Map[`string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Example Objects](#example-object). | +| requestBodies | Map[`string`, [Request Body Object](#request-body-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Request Body Objects](#request-body-object). | +| headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Header Objects](#header-object). | | securitySchemes | Map[`string`, [Security Scheme Object](#security-scheme-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Security Scheme Objects](#security-scheme-object). | -| links | Map[`string`, [Link Object](#link-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Link Objects](#link-object). | -| callbacks | Map[`string`, [Callback Object](#callback-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Callback Objects](#callback-object). | +| links | Map[`string`, [Link Object](#link-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Link Objects](#link-object). | +| callbacks | Map[`string`, [Callback Object](#callback-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Callback Objects](#callback-object). | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -707,8 +707,8 @@ The path is appended to the URL from the [Server Object](#server-object) in orde ##### Patterned Fields -| Field Pattern | Type | Description | -| ------------------------------- | :---------------------------------: | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Field Pattern | Type | Description | +| ---- | :----: | ---- | | /{path} | [Path Item Object](#path-item-object) | A relative path to an individual endpoint. The field name MUST begin with a forward slash (`/`). The path is **appended** (no relative URL resolution) to the expanded URL from the [Server Object](#server-object)'s `url` field in order to construct the full URL. [Path templating](#path-templating) is allowed. When matching URLs, concrete (non-templated) paths would be matched before their templated counterparts. Templated paths with the same hierarchy but different templated names MUST NOT exist as they are identical. In case of ambiguous matching, it's up to the tooling to decide which one to use. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -786,21 +786,21 @@ The path itself is still exposed to the documentation viewer but they will not k ##### Fixed Fields -| Field Name | Type | Description | -| --------------------------------------------- | :----------------------------------------------------------------------------: | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| $ref | `string` | Allows for a referenced definition of this path item. The value MUST be in the form of a URL, and the referenced structure MUST be in the form of a [Path Item Object](#path-item-object). In case a Path Item Object field appears both in the defined object and the referenced object, the behavior is undefined. See the rules for resolving [Relative References](#relative-references-in-urls). | -| summary | `string` | An optional string summary, intended to apply to all operations in this path. | -| description | `string` | An optional string description, intended to apply to all operations in this path. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| get | [Operation Object](#operation-object) | A definition of a GET operation on this path. | -| put | [Operation Object](#operation-object) | A definition of a PUT operation on this path. | -| post | [Operation Object](#operation-object) | A definition of a POST operation on this path. | -| delete | [Operation Object](#operation-object) | A definition of a DELETE operation on this path. | -| options | [Operation Object](#operation-object) | A definition of a OPTIONS operation on this path. | -| head | [Operation Object](#operation-object) | A definition of a HEAD operation on this path. | -| patch | [Operation Object](#operation-object) | A definition of a PATCH operation on this path. | -| trace | [Operation Object](#operation-object) | A definition of a TRACE operation on this path. | -| servers | [[Server Object](#server-object)] | An alternative `servers` array to service all operations in this path. If a `servers` array is specified at the [OpenAPI Object](#oas-servers) level, it will be overridden by this value. | -| parameters | [[Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | A list of parameters that are applicable for all the operations described under this path. These parameters can be overridden at the operation level, but cannot be removed there. The list MUST NOT include duplicated parameters. A unique parameter is defined by a combination of a [name](#parameter-name) and [location](#parameter-in). The list can use the [Reference Object](#reference-object) to link to parameters that are defined in the [OpenAPI Object's `components.parameters`](#components-parameters). | +| Field Name | Type | Description | +| ---- | :----: | ---- | +| $ref | `string` | Allows for a referenced definition of this path item. The value MUST be in the form of a URL, and the referenced structure MUST be in the form of a [Path Item Object](#path-item-object). In case a Path Item Object field appears both in the defined object and the referenced object, the behavior is undefined. See the rules for resolving [Relative References](#relative-references-in-urls). | +| summary | `string` | An optional string summary, intended to apply to all operations in this path. | +| description | `string` | An optional string description, intended to apply to all operations in this path. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| get | [Operation Object](#operation-object) | A definition of a GET operation on this path. | +| put | [Operation Object](#operation-object) | A definition of a PUT operation on this path. | +| post | [Operation Object](#operation-object) | A definition of a POST operation on this path. | +| delete | [Operation Object](#operation-object) | A definition of a DELETE operation on this path. | +| options | [Operation Object](#operation-object) | A definition of a OPTIONS operation on this path. | +| head | [Operation Object](#operation-object) | A definition of a HEAD operation on this path. | +| patch | [Operation Object](#operation-object) | A definition of a PATCH operation on this path. | +| trace | [Operation Object](#operation-object) | A definition of a TRACE operation on this path. | +| servers | [[Server Object](#server-object)] | An alternative `servers` array to service all operations in this path. If a `servers` array is specified at the [OpenAPI Object](#oas-servers) level, it will be overridden by this value. | +| parameters | [[Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | A list of parameters that are applicable for all the operations described under this path. These parameters can be overridden at the operation level, but cannot be removed there. The list MUST NOT include duplicated parameters. A unique parameter is defined by a combination of a [name](#parameter-name) and [location](#parameter-in). The list can use the [Reference Object](#reference-object) to link to parameters that are defined in the [OpenAPI Object's `components.parameters`](#components-parameters). | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -894,20 +894,20 @@ Describes a single API operation on a path. ##### Fixed Fields -| Field Name | Type | Description | -| ------------------------------------------------ | :---------------------------------------------------------------------------------------: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| tags | [`string`] | A list of tags for API documentation control. Tags can be used for logical grouping of operations by resources or any other qualifier. | -| summary | `string` | A short summary of what the operation does. | -| description | `string` | A verbose explanation of the operation behavior. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this operation. | -| operationId | `string` | Unique string used to identify the operation. The id MUST be unique among all operations described in the API. The operationId value is **case-sensitive**. Tools and libraries MAY use the operationId to uniquely identify an operation, therefore, it is RECOMMENDED to follow common programming naming conventions. | -| parameters | [[Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | A list of parameters that are applicable for this operation. If a parameter is already defined in the [Path Item](#path-item-parameters), the new definition will override it but can never remove it. The list MUST NOT include duplicated parameters. A unique parameter is defined by a combination of a [name](#parameter-name) and [location](#parameter-in). The list can use the [Reference Object](#reference-object) to link to parameters that are defined in the [OpenAPI Object's `components.parameters`](#components-parameters). | -| requestBody | [Request Body Object](#request-body-object) \| [Reference Object](#reference-object) | The request body applicable for this operation. The `requestBody` is only supported in HTTP methods where the HTTP 1.1 specification [RFC7231](https://tools.ietf.org/html/rfc7231#section-4.3.1) has explicitly defined semantics for request bodies. In other cases where the HTTP spec is vague (such as [GET](https://tools.ietf.org/html/rfc7231#section-4.3.1), [HEAD](https://tools.ietf.org/html/rfc7231#section-4.3.2) and [DELETE](https://tools.ietf.org/html/rfc7231#section-4.3.5)), `requestBody` SHALL be ignored by consumers. | -| responses | [Responses Object](#responses-object) | **REQUIRED**. The list of possible responses as they are returned from executing this operation. | -| callbacks | Map[`string`, [Callback Object](#callback-object) \| [Reference Object](#reference-object)] | A map of possible out-of band callbacks related to the parent operation. The key is a unique identifier for the Callback Object. Each value in the map is a [Callback Object](#callback-object) that describes a request that may be initiated by the API provider and the expected responses. | -| deprecated | `boolean` | Declares this operation to be deprecated. Consumers SHOULD refrain from usage of the declared operation. Default value is `false`. | -| security | [[Security Requirement Object](#security-requirement-object)] | A declaration of which security mechanisms can be used for this operation. The list of values includes alternative Security Requirement Objects that can be used. Only one of the Security Requirement Objects need to be satisfied to authorize a request. To make security optional, an empty security requirement (`{}`) can be included in the array. This definition overrides any declared top-level [`security`](#oas-security). To remove a top-level security declaration, an empty array can be used. | -| servers | [[Server Object](#server-object)] | An alternative `servers` array to service this operation. If a `servers` array is specified at the [Path Item Object](#path-item-servers) or [OpenAPI Object](#oas-servers) level, it will be overridden by this value. | +| Field Name | Type | Description | +| ---- | :----: | ---- | +| tags | [`string`] | A list of tags for API documentation control. Tags can be used for logical grouping of operations by resources or any other qualifier. | +| summary | `string` | A short summary of what the operation does. | +| description | `string` | A verbose explanation of the operation behavior. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this operation. | +| operationId | `string` | Unique string used to identify the operation. The id MUST be unique among all operations described in the API. The operationId value is **case-sensitive**. Tools and libraries MAY use the operationId to uniquely identify an operation, therefore, it is RECOMMENDED to follow common programming naming conventions. | +| parameters | [[Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | A list of parameters that are applicable for this operation. If a parameter is already defined in the [Path Item](#path-item-parameters), the new definition will override it but can never remove it. The list MUST NOT include duplicated parameters. A unique parameter is defined by a combination of a [name](#parameter-name) and [location](#parameter-in). The list can use the [Reference Object](#reference-object) to link to parameters that are defined in the [OpenAPI Object's `components.parameters`](#components-parameters). | +| requestBody | [Request Body Object](#request-body-object) \| [Reference Object](#reference-object) | The request body applicable for this operation. The `requestBody` is only supported in HTTP methods where the HTTP 1.1 specification [RFC7231](https://tools.ietf.org/html/rfc7231#section-4.3.1) has explicitly defined semantics for request bodies. In other cases where the HTTP spec is vague (such as [GET](https://tools.ietf.org/html/rfc7231#section-4.3.1), [HEAD](https://tools.ietf.org/html/rfc7231#section-4.3.2) and [DELETE](https://tools.ietf.org/html/rfc7231#section-4.3.5)), `requestBody` SHALL be ignored by consumers. | +| responses | [Responses Object](#responses-object) | **REQUIRED**. The list of possible responses as they are returned from executing this operation. | +| callbacks | Map[`string`, [Callback Object](#callback-object) \| [Reference Object](#reference-object)] | A map of possible out-of band callbacks related to the parent operation. The key is a unique identifier for the Callback Object. Each value in the map is a [Callback Object](#callback-object) that describes a request that may be initiated by the API provider and the expected responses. | +| deprecated | `boolean` | Declares this operation to be deprecated. Consumers SHOULD refrain from usage of the declared operation. Default value is `false`. | +| security | [[Security Requirement Object](#security-requirement-object)] | A declaration of which security mechanisms can be used for this operation. The list of values includes alternative Security Requirement Objects that can be used. Only one of the Security Requirement Objects need to be satisfied to authorize a request. To make security optional, an empty security requirement (`{}`) can be included in the array. This definition overrides any declared top-level [`security`](#oas-security). To remove a top-level security declaration, an empty array can be used. | +| servers | [[Server Object](#server-object)] | An alternative `servers` array to service this operation. If a `servers` array is specified at the [Path Item Object](#path-item-servers) or [OpenAPI Object](#oas-servers) level, it will be overridden by this value. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -1022,10 +1022,10 @@ Allows referencing an external resource for extended documentation. ##### Fixed Fields -| Field Name | Type | Description | -| ------------------------------------------------ | :------: | -------------------------------------------------------------------------------------------------------------------------------------- | +| Field Name | Type | Description | +| ---- | :----: | ---- | | description | `string` | A description of the target documentation. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| url | `string` | **REQUIRED**. The URL for the target documentation. This MUST be in the form of a URL. | +| url | `string` | **REQUIRED**. The URL for the target documentation. This MUST be in the form of a URL. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -1070,13 +1070,13 @@ See [Appendix B](#appendix-b-data-type-conversion) for a discussion of convertin These fields MAY be used with either `content` or `schema`. -| Field Name | Type | Description | -| ------------------------------------------------------- | :-------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| name | `string` | **REQUIRED**. The name of the parameter. Parameter names are _case sensitive_.
  • If [`in`](#parameter-in) is `"path"`, the `name` field MUST correspond to a template expression occurring within the [path](#paths-path) field in the [Paths Object](#paths-object). See [Path Templating](#path-templating) for further information.
  • If [`in`](#parameter-in) is `"header"` and the `name` field is `"Accept"`, `"Content-Type"` or `"Authorization"`, the parameter definition SHALL be ignored.
  • For all other cases, the `name` corresponds to the parameter name used by the [`in`](#parameter-in) field.
| -| in | `string` | **REQUIRED**. The location of the parameter. Possible values are `"query"`, `"header"`, `"path"` or `"cookie"`. | -| description | `string` | A brief description of the parameter. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| required | `boolean` | Determines whether this parameter is mandatory. If the [parameter location](#parameter-in) is `"path"`, this field is **REQUIRED** and its value MUST be `true`. Otherwise, the field MAY be included and its default value is `false`. | -| deprecated | `boolean` | Specifies that a parameter is deprecated and SHOULD be transitioned out of usage. Default value is `false`. | +| Field Name | Type | Description | +| ---- | :----: | ---- | +| name | `string` | **REQUIRED**. The name of the parameter. Parameter names are _case sensitive_.
  • If [`in`](#parameter-in) is `"path"`, the `name` field MUST correspond to a template expression occurring within the [path](#paths-path) field in the [Paths Object](#paths-object). See [Path Templating](#path-templating) for further information.
  • If [`in`](#parameter-in) is `"header"` and the `name` field is `"Accept"`, `"Content-Type"` or `"Authorization"`, the parameter definition SHALL be ignored.
  • For all other cases, the `name` corresponds to the parameter name used by the [`in`](#parameter-in) field.
| +| in | `string` | **REQUIRED**. The location of the parameter. Possible values are `"query"`, `"header"`, `"path"` or `"cookie"`. | +| description | `string` | A brief description of the parameter. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| required | `boolean` | Determines whether this parameter is mandatory. If the [parameter location](#parameter-in) is `"path"`, this field is **REQUIRED** and its value MUST be `true`. Otherwise, the field MAY be included and its default value is `false`. | +| deprecated | `boolean` | Specifies that a parameter is deprecated and SHOULD be transitioned out of usage. Default value is `false`. | | allowEmptyValue | `boolean` | If `true`, clients MAY pass a zero-length string value in place of parameters that would otherwise be omitted entirely, which the server SHOULD interpret as the parameter being unused. Default value is `false`. If [`style`](#parameter-style) is used, and if [behavior is _n/a_ (cannot be serialized)](#style-examples), the value of `allowEmptyValue` SHALL be ignored. Interactions between this field and the parameter's [Schema Object](#schema-object) are implementation-defined. This field is valid only for `query` parameters. Use of this field is NOT RECOMMENDED, and it is likely to be removed in a later revision. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -1091,14 +1091,14 @@ The `example` and `examples` fields are mutually exclusive, and if either is pre Serializing with `schema` is NOT RECOMMENDED for `in: "cookie"` parameters, `in: "header"` parameters that use HTTP header parameters (name=value pairs following a `;`) in their values, or `in: "header"` parameters where values might have non-URL-safe characters; see [Appendix D](#appendix-d-serializing-headers-and-cookies) for details. -| Field Name | Type | Description | -| -------------------------------------------------- | :--------------------------------------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| style | `string` | Describes how the parameter value will be serialized depending on the type of the parameter value. Default values (based on value of `in`): for `"query"` - `"form"`; for `"path"` - `"simple"`; for `"header"` - `"simple"`; for `"cookie"` - `"form"`. | -| explode | `boolean` | When this is true, parameter values of type `array` or `object` generate separate parameters for each value of the array or key-value pair of the map. For other types of parameters this field has no effect. When [`style`](#parameter-style) is `"form"`, the default value is `true`. For all other styles, the default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. | -| allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#section-3.2.3), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#section-3.4) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#appendix-c-using-rfc6570-implementations) and [E](#appendix-e-percent-encoding-and-form-media-types) for details. This field only applies to parameters with an `in` value of `query`. The default value is `false`. | -| schema | [Schema Object](#schema-object) \| [Reference Object](#reference-object) | The schema defining the type used for the parameter. | -| example | Any | Example of the parameter's potential value; see [Working With Examples](#working-with-examples). | -| examples | Map[ `string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | Examples of the parameter's potential value; see [Working With Examples](#working-with-examples). | +| Field Name | Type | Description | +| ---- | :----: | ---- | +| style | `string` | Describes how the parameter value will be serialized depending on the type of the parameter value. Default values (based on value of `in`): for `"query"` - `"form"`; for `"path"` - `"simple"`; for `"header"` - `"simple"`; for `"cookie"` - `"form"`. | +| explode | `boolean` | When this is true, parameter values of type `array` or `object` generate separate parameters for each value of the array or key-value pair of the map. For other types of parameters this field has no effect. When [`style`](#parameter-style) is `"form"`, the default value is `true`. For all other styles, the default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. | +| allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#section-3.2.3), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#section-3.4) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#appendix-c-using-rfc6570-implementations) and [E](#appendix-e-percent-encoding-and-form-media-types) for details. This field only applies to parameters with an `in` value of `query`. The default value is `false`. | +| schema | [Schema Object](#schema-object) \| [Reference Object](#reference-object) | The schema defining the type used for the parameter. | +| example | Any | Example of the parameter's potential value; see [Working With Examples](#working-with-examples). | +| examples | Map[ `string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | Examples of the parameter's potential value; see [Working With Examples](#working-with-examples). | See also [Appendix C: Using RFC6570 Implementations](#appendix-c-using-rfc6570-implementations) for additional guidance. @@ -1107,23 +1107,23 @@ See also [Appendix C: Using RFC6570 Implementations](#appendix-c-using-rfc6570-i For more complex scenarios, the [`content`](#parameter-content) field can define the media type and schema of the parameter, as well as give examples of its use. Using `content` with a `text/plain` media type is RECOMMENDED for `in: "header"` and `in: "cookie"` parameters where the `schema` strategy is not appropriate. -| Field Name | Type | Description | -| -------------------------------------- | :--------------------------------------------------: | -------------------------------------------------------------------------------------------------------------------------------------------------- | +| Field Name | Type | Description | +| ---- | :----: | ---- | | content | Map[`string`, [Media Type Object](#media-type-object)] | A map containing the representations for the parameter. The key is the media type and the value describes it. The map MUST only contain one entry. | ##### Style Values In order to support common ways of serializing simple parameters, a set of `style` values are defined. -| `style` | [`type`](#data-types) | `in` | Comments | -| -------------- | ------------------------------ | ----------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| matrix | `primitive`, `array`, `object` | `path` | Path-style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.7) | -| label | `primitive`, `array`, `object` | `path` | Label style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.5) | -| simple | `primitive`, `array`, `object` | `path`, `header` | Simple style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.2). This option replaces `collectionFormat` with a `csv` value from OpenAPI 2.0. | -| form | `primitive`, `array`, `object` | `query`, `cookie` | Form style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.8). This option replaces `collectionFormat` with a `csv` (when `explode` is false) or `multi` (when `explode` is true) value from OpenAPI 2.0. | -| spaceDelimited | `array`, `object` | `query` | Space separated array values or object properties and values. This option replaces `collectionFormat` equal to `ssv` from OpenAPI 2.0. | -| pipeDelimited | `array`, `object` | `query` | Pipe separated array values or object properties and values. This option replaces `collectionFormat` equal to `pipes` from OpenAPI 2.0. | -| deepObject | `object` | `query` | Allows objects with scalar properties to be represented using form parameters. The representation of array or object properties is not defined. | +| `style` | [`type`](#data-types) | `in` | Comments | +| ---- | ---- | ---- | ---- | +| matrix | `primitive`, `array`, `object` | `path` | Path-style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.7) | +| label | `primitive`, `array`, `object` | `path` | Label style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.5) | +| simple | `primitive`, `array`, `object` | `path`, `header` | Simple style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.2). This option replaces `collectionFormat` with a `csv` value from OpenAPI 2.0. | +| form | `primitive`, `array`, `object` | `query`, `cookie` | Form style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.8). This option replaces `collectionFormat` with a `csv` (when `explode` is false) or `multi` (when `explode` is true) value from OpenAPI 2.0. | +| spaceDelimited | `array`, `object` | `query` | Space separated array values or object properties and values. This option replaces `collectionFormat` equal to `ssv` from OpenAPI 2.0. | +| pipeDelimited | `array`, `object` | `query` | Pipe separated array values or object properties and values. This option replaces `collectionFormat` equal to `pipes` from OpenAPI 2.0. | +| deepObject | `object` | `query` | Allows objects with scalar properties to be represented using form parameters. The representation of array or object properties is not defined. | See [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for a discussion of percent-encoding, including when delimiters need to be percent-encoded and options for handling collisions with percent-encoded data. @@ -1146,22 +1146,22 @@ The following table shows examples, as would be shown with the `example` or `exa * Note that the `?` prefix is not appropriate for serializing `application/x-www-form-urlencoded` HTTP message bodies, and MUST be stripped or (if constructing the string manually) not added when used in that context; see the [Encoding Object](#encoding-object) for more information * The examples are percent-encoded as required by RFC6570 and RFC3986; see [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for a thorough discussion of percent-encoding concerns, including why unencoded `|` (`%7C`), `[` (`%5B`), and `]` (`%5D`) seem to work in some environments despite not being compliant. -| [`style`](#style-values) | `explode` | `undefined` | `string` | `array` | `object` | -| ----------------------- | --------- | ------------------------------------------------- | ----------------------------------------------------- | ----------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------- | -| matrix | false | ;color | ;color=blue | ;color=blue,black,brown | ;color=R,100,G,200,B,150 | -| matrix | true | ;color | ;color=blue | ;color=blue;color=black;color=brown | ;R=100;G=200;B=150 | -| label | false | . | .blue | .blue,black,brown | .R,100,G,200,B,150 | -| label | true | . | .blue | .blue.black.brown | .R=100.G=200.B=150 | -| simple | false | _empty_ | blue | blue,black,brown | R,100,G,200,B,150 | -| simple | true | _empty_ | blue | blue,black,brown | R=100,G=200,B=150 | -| form | false | ?color= | ?color=blue | ?color=blue,black,brown | ?color=R,100,G,200,B,150 | -| form | true | ?color= | ?color=blue | ?color=blue&color=black&color=brown | ?R=100&G=200&B=150 | -| spaceDelimited | false | _n/a_ | _n/a_ | ?color=blue%20black%20brown | ?color=R%20100%20G%20200%20B%20150 | -| spaceDelimited | true | _n/a_ | _n/a_ | _n/a_ | _n/a_ | -| pipeDelimited | false | _n/a_ | _n/a_ | ?color=blue%7Cblack%7Cbrown | ?color=R%7C100%7CG%7C200%7CB%7C150 | -| pipeDelimited | true | _n/a_ | _n/a_ | _n/a_ | _n/a_ | -| deepObject | false | _n/a_ | _n/a_ | _n/a_ | _n/a_ | -| deepObject | true | _n/a_ | _n/a_ | _n/a_ | ?color%5BR%5D=100&color%5BG%5D=200&color%5BB%5D=150 | +| [`style`](#style-values) | `explode` | `undefined` | `string` | `array` | `object` | +| ---- | ---- | ---- | ---- | ---- | ---- | +| matrix | false | ;color | ;color=blue | ;color=blue,black,brown | ;color=R,100,G,200,B,150 | +| matrix | true | ;color | ;color=blue | ;color=blue;color=black;color=brown | ;R=100;G=200;B=150 | +| label | false | . | .blue | .blue,black,brown | .R,100,G,200,B,150 | +| label | true | . | .blue | .blue.black.brown | .R=100.G=200.B=150 | +| simple | false | _empty_ | blue | blue,black,brown | R,100,G,200,B,150 | +| simple | true | _empty_ | blue | blue,black,brown | R=100,G=200,B=150 | +| form | false | ?color= | ?color=blue | ?color=blue,black,brown | ?color=R,100,G,200,B,150 | +| form | true | ?color= | ?color=blue | ?color=blue&color=black&color=brown | ?R=100&G=200&B=150 | +| spaceDelimited | false | _n/a_ | _n/a_ | ?color=blue%20black%20brown | ?color=R%20100%20G%20200%20B%20150 | +| spaceDelimited | true | _n/a_ | _n/a_ | _n/a_ | _n/a_ | +| pipeDelimited | false | _n/a_ | _n/a_ | ?color=blue%7Cblack%7Cbrown | ?color=R%7C100%7CG%7C200%7CB%7C150 | +| pipeDelimited | true | _n/a_ | _n/a_ | _n/a_ | _n/a_ | +| deepObject | false | _n/a_ | _n/a_ | _n/a_ | _n/a_ | +| deepObject | true | _n/a_ | _n/a_ | _n/a_ | ?color%5BR%5D=100&color%5BG%5D=200&color%5BB%5D=150 | ##### Parameter Object Examples @@ -1326,11 +1326,11 @@ Describes a single request body. ##### Fixed Fields -| Field Name | Type | Description | -| ------------------------------------------------ | :--------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| description | `string` | A brief description of the request body. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| content | Map[`string`, [Media Type Object](#media-type-object)] | **REQUIRED**. The content of the request body. The key is a media type or [media type range](https://tools.ietf.org/html/rfc7231#appendix-D) and the value describes it. For requests that match multiple keys, only the most specific key is applicable. e.g. `"text/plain"` overrides `"text/*"` | -| required | `boolean` | Determines if the request body is required in the request. Defaults to `false`. | +| Field Name | Type | Description | +| ---- | :----: | ---- | +| description | `string` | A brief description of the request body. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| content | Map[`string`, [Media Type Object](#media-type-object)] | **REQUIRED**. The content of the request body. The key is a media type or [media type range](https://tools.ietf.org/html/rfc7231#appendix-D) and the value describes it. For requests that match multiple keys, only the most specific key is applicable. e.g. `"text/plain"` overrides `"text/*"` | +| required | `boolean` | Determines if the request body is required in the request. Defaults to `false`. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -1423,12 +1423,12 @@ See [Working With Examples](#working-with-examples) for further guidance regardi ##### Fixed Fields -| Field Name | Type | Description | -| ---------------------------------------- | :--------------------------------------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| schema | [Schema Object](#schema-object) \| [Reference Object](#reference-object) | The schema defining the content of the request, response, parameter, or header. | -| example | Any | Example of the media type; see [Working With Examples](#working-with-examples). | -| examples | Map[ `string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | Examples of the media type; see [Working With Examples](#working-with-examples). | -| encoding | Map[`string`, [Encoding Object](#encoding-object)] | A map between a property name and its encoding information. The key, being the property name, MUST exist in the schema as a property. The `encoding` field SHALL only apply to [Request Body Objects](#request-body-object), and only when the media type is `multipart` or `application/x-www-form-urlencoded`. If no Encoding Object is provided for a property, the behavior is determined by the default values documented for the Encoding Object. | +| Field Name | Type | Description | +| ---- | :----: | ---- | +| schema | [Schema Object](#schema-object) \| [Reference Object](#reference-object) | The schema defining the content of the request, response, parameter, or header. | +| example | Any | Example of the media type; see [Working With Examples](#working-with-examples). | +| examples | Map[ `string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | Examples of the media type; see [Working With Examples](#working-with-examples). | +| encoding | Map[`string`, [Encoding Object](#encoding-object)] | A map between a property name and its encoding information. The key, being the property name, MUST exist in the schema as a property. The `encoding` field SHALL only apply to [Request Body Objects](#request-body-object), and only when the media type is `multipart` or `application/x-www-form-urlencoded`. If no Encoding Object is provided for a property, the behavior is determined by the default values documented for the Encoding Object. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -1562,22 +1562,22 @@ See [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for a detail These fields MAY be used either with or without the RFC6570-style serialization fields defined in the next section below. -| Field Name | Type | Description | -| --------------------------------------------- | :-----------------------------------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| contentType | `string` | The `Content-Type` for encoding a specific property. The value is a comma-separated list, each element of which is either a specific media type (e.g. `image/png`) or a wildcard media type (e.g. `image/*`). Default value depends on the property type as shown in the table below. | -| headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | A map allowing additional information to be provided as headers. `Content-Type` is described separately and SHALL be ignored in this section. This field SHALL be ignored if the request body media type is not a `multipart`. | +| Field Name | Type | Description | +| ---- | :----: | ---- | +| contentType | `string` | The `Content-Type` for encoding a specific property. The value is a comma-separated list, each element of which is either a specific media type (e.g. `image/png`) or a wildcard media type (e.g. `image/*`). Default value depends on the property type as shown in the table below. | +| headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | A map allowing additional information to be provided as headers. `Content-Type` is described separately and SHALL be ignored in this section. This field SHALL be ignored if the request body media type is not a `multipart`. | This object MAY be extended with [Specification Extensions](#specification-extensions). The default values for `contentType` are as follows, where an _n/a_ in the `format` column means that the presence or value of `format` is irrelevant: -| `type` | `format` | Default `contentType` | -| --------------------------------- | ---------------------------------------- | ---------------------------------------------------------- | -| `string` | `binary` _or_ `byte` | `application/octet-stream` | -| `string` | _none, or any except `binary` or `byte`_ | `text/plain` | -| `number`, `integer`, or `boolean` | _n/a_ | `text/plain` | -| `object` | _n/a_ | `application/json` | -| `array` | _n/a_ | according to the `type` and `format` of the `items` schema | +| `type` | `format` | Default `contentType` | +| ---- | ---- | ---- | +| `string` | `binary` _or_ `byte` | `application/octet-stream` | +| `string` | _none, or any except `binary` or `byte`_ | `text/plain` | +| `number`, `integer`, or `boolean` | _n/a_ | `text/plain` | +| `object` | _n/a_ | `application/json` | +| `array` | _n/a_ | according to the `type` and `format` of the `items` schema | Determining how to handle `null` values if `nullable: true` is present depends on how `null` values are being serialized. If `null` values are entirely omitted, then the `contentType` is irrelevant. @@ -1585,10 +1585,10 @@ See [Appendix B](#appendix-b-data-type-conversion) for a discussion of data type ###### Fixed Fields for RFC6570-style Serialization -| Field Name | Type | Description | -| ------------------------------------------------- | :-------: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| style | `string` | Describes how a specific property value will be serialized depending on its type. See [Parameter Object](#parameter-object) for details on the [`style`](#parameter-style) field. The behavior follows the same values as `query` parameters, including default values. Note that the initial `?` used in query strings is not used in `application/x-www-form-urlencoded` message bodies, and MUST be removed (if using an RFC6570 implementation) or simply not added (if constructing the string manually). This field SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. | -| explode | `boolean` | When this is true, property values of type `array` or `object` generate separate parameters for each value of the array, or key-value-pair of the map. For other types of properties this field has no effect. When [`style`](#encoding-style) is `"form"`, the default value is `true`. For all other styles, the default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. This field SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. | +| Field Name | Type | Description | +| ---- | :----: | ---- | +| style | `string` | Describes how a specific property value will be serialized depending on its type. See [Parameter Object](#parameter-object) for details on the [`style`](#parameter-style) field. The behavior follows the same values as `query` parameters, including default values. Note that the initial `?` used in query strings is not used in `application/x-www-form-urlencoded` message bodies, and MUST be removed (if using an RFC6570 implementation) or simply not added (if constructing the string manually). This field SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. | +| explode | `boolean` | When this is true, property values of type `array` or `object` generate separate parameters for each value of the array, or key-value-pair of the map. For other types of properties this field has no effect. When [`style`](#encoding-style) is `"form"`, the default value is `true`. For all other styles, the default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. This field SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. | | allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#section-3.2.3), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#section-3.4) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#appendix-c-using-rfc6570-implementations) and [E](#appendix-e-percent-encoding-and-form-media-types) for details. The default value is `false`. This field SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. | See also [Appendix C: Using RFC6570 Implementations](#appendix-c-using-rfc6570-implementations) for additional guidance. @@ -1823,14 +1823,14 @@ call. ##### Fixed Fields -| Field Name | Type | Description | -| -------------------------------------- | :------------------------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Field Name | Type | Description | +| ---- | :----: | ---- | | default | [Response Object](#response-object) \| [Reference Object](#reference-object) | The documentation of responses other than the ones declared for specific HTTP response codes. Use this field to cover undeclared responses. A [Reference Object](#reference-object) can link to a response that the [OpenAPI Object's `components.responses`](#components-responses) section defines. | ##### Patterned Fields -| Field Pattern | Type | Description | -| ---------------------------------------------------------- | :------------------------------------------------------------------------: | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Field Pattern | Type | Description | +| ---- | :----: | ---- | | [HTTP Status Code](#http-status-codes) | [Response Object](#response-object) \| [Reference Object](#reference-object) | Any [HTTP status code](#http-status-codes) can be used as the property name, but only one property per code, to describe the expected response for that HTTP status code. A [Reference Object](#reference-object) can link to a response that is defined in the [OpenAPI Object's `components.responses`](#components-responses) section. This field MUST be enclosed in quotation marks (for example, "200") for compatibility between JSON and YAML. To define a range of response codes, this field MAY contain the uppercase wildcard character `X`. For example, `2XX` represents all response codes between `200` and `299`. Only the following range definitions are allowed: `1XX`, `2XX`, `3XX`, `4XX`, and `5XX`. If a response is defined using an explicit code, the explicit code definition takes precedence over the range definition for that code. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -1886,12 +1886,12 @@ Describes a single response from an API operation, including design-time, static ##### Fixed Fields -| Field Name | Type | Description | -| --------------------------------------------- | :-----------------------------------------------------------------------------------: | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| description | `string` | **REQUIRED**. A description of the response. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | Maps a header name to its definition. [RFC7230](https://tools.ietf.org/html/rfc7230#section-3.2) states header names are case insensitive. If a response header is defined with the name `"Content-Type"`, it SHALL be ignored. | -| content | Map[`string`, [Media Type Object](#media-type-object)] | A map containing descriptions of potential response payloads. The key is a media type or [media type range](https://tools.ietf.org/html/rfc7231#appendix-D) and the value describes it. For responses that match multiple keys, only the most specific key is applicable. e.g. `"text/plain"` overrides `"text/*"` | -| links | Map[`string`, [Link Object](#link-object) \| [Reference Object](#reference-object)] | A map of operations links that can be followed from the response. The key of the map is a short name for the link, following the naming constraints of the names for [Component Objects](#components-object). | +| Field Name | Type | Description | +| ---- | :----: | ---- | +| description | `string` | **REQUIRED**. A description of the response. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | Maps a header name to its definition. [RFC7230](https://tools.ietf.org/html/rfc7230#section-3.2) states header names are case insensitive. If a response header is defined with the name `"Content-Type"`, it SHALL be ignored. | +| content | Map[`string`, [Media Type Object](#media-type-object)] | A map containing descriptions of potential response payloads. The key is a media type or [media type range](https://tools.ietf.org/html/rfc7231#appendix-D) and the value describes it. For responses that match multiple keys, only the most specific key is applicable. e.g. `"text/plain"` overrides `"text/*"` | +| links | Map[`string`, [Link Object](#link-object) \| [Reference Object](#reference-object)] | A map of operations links that can be followed from the response. The key of the map is a short name for the link, following the naming constraints of the names for [Component Objects](#components-object). | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -2026,8 +2026,8 @@ The key value used to identify the Path Item Object is an expression, evaluated ##### Patterned Fields -| Field Pattern | Type | Description | -| --------------------------------------------- | :---------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Field Pattern | Type | Description | +| ---- | :----: | ---- | | {expression} | [Path Item Object](#path-item-object) | A Path Item Object used to define a callback request and expected responses. A [complete example](https://learn.openapis.org/examples/v3.0/callback-example.html) is available. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -2066,16 +2066,16 @@ Location: https://example.org/subscription/1 The following examples show how the various expressions evaluate, assuming the callback operation has a path parameter named `eventType` and a query parameter named `queryUrl`. -| Expression | Value | -| ---------------------------- | :----------------------------------------------------------------------------------- | -| $url | | -| $method | POST | -| $request.path.eventType | myevent | -| $request.query.queryUrl | | -| $request.header.content-type | application/json | -| $request.body#/failedUrl | | -| $request.body#/successUrls/1 | | -| $response.header.Location | | +| Expression | Value | +| ---- | :---- | +| $url | | +| $method | POST | +| $request.path.eventType | myevent | +| $request.query.queryUrl | | +| $request.header.content-type | application/json | +| $request.body#/failedUrl | | +| $request.body#/successUrls/1 | | +| $response.header.Location | | ##### Callback Object Examples @@ -2122,11 +2122,11 @@ Examples allow demonstration of the usage of properties, parameters and objects ##### Fixed Fields -| Field Name | Type | Description | -| ------------------------------------------------ | :------: | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| summary | `string` | Short description for the example. | -| description | `string` | Long description for the example. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| value | Any | Embedded literal example. The `value` field and `externalValue` field are mutually exclusive. To represent examples of media types that cannot naturally represented in JSON or YAML, use a string value to contain the example, escaping where necessary. | +| Field Name | Type | Description | +| ---- | :----: | ---- | +| summary | `string` | Short description for the example. | +| description | `string` | Long description for the example. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| value | Any | Embedded literal example. The `value` field and `externalValue` field are mutually exclusive. To represent examples of media types that cannot naturally represented in JSON or YAML, use a string value to contain the example, escaping where necessary. | | externalValue | `string` | A URL that points to the literal example. This provides the capability to reference examples that cannot easily be included in JSON or YAML documents. The `value` field and `externalValue` field are mutually exclusive. See the rules for resolving [Relative References](#relative-references-in-urls). | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -2298,14 +2298,14 @@ For computing links and providing instructions to execute them, a [runtime expre ##### Fixed Fields -| Field Name | Type | Description | -| ------------------------------------------- | :------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| operationRef | `string` | A relative or absolute URI reference to an OAS operation. This field is mutually exclusive of the `operationId` field, and MUST point to an [Operation Object](#operation-object). Relative `operationRef` values MAY be used to locate an existing [Operation Object](#operation-object) in the OpenAPI description. | -| operationId | `string` | The name of an _existing_, resolvable OAS operation, as defined with a unique `operationId`. This field is mutually exclusive of the `operationRef` field. | -| parameters | Map[`string`, Any \| [{expression}](#runtime-expressions)] | A map representing parameters to pass to an operation as specified with `operationId` or identified via `operationRef`. The key is the parameter name to be used (optionally qualified with the parameter location, e.g. `path.id` for an `id` parameter in the path), whereas the value can be a constant or an expression to be evaluated and passed to the linked operation. | -| requestBody | Any \| [{expression}](#runtime-expressions) | A literal value or [{expression}](#runtime-expressions) to use as a request body when calling the target operation. | -| description | `string` | A description of the link. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| server | [Server Object](#server-object) | A server object to be used by the target operation. | +| Field Name | Type | Description | +| ---- | :----: | ---- | +| operationRef | `string` | A relative or absolute URI reference to an OAS operation. This field is mutually exclusive of the `operationId` field, and MUST point to an [Operation Object](#operation-object). Relative `operationRef` values MAY be used to locate an existing [Operation Object](#operation-object) in the OpenAPI description. | +| operationId | `string` | The name of an _existing_, resolvable OAS operation, as defined with a unique `operationId`. This field is mutually exclusive of the `operationRef` field. | +| parameters | Map[`string`, Any \| [{expression}](#runtime-expressions)] | A map representing parameters to pass to an operation as specified with `operationId` or identified via `operationRef`. The key is the parameter name to be used (optionally qualified with the parameter location, e.g. `path.id` for an `id` parameter in the path), whereas the value can be a constant or an expression to be evaluated and passed to the linked operation. | +| requestBody | Any \| [{expression}](#runtime-expressions) | A literal value or [{expression}](#runtime-expressions) to use as a request body when calling the target operation. | +| description | `string` | A description of the link. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| server | [Server Object](#server-object) | A server object to be used by the target operation. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -2446,15 +2446,15 @@ The table below provides examples of runtime expressions and examples of their u ##### Examples -| Source Location | example expression | notes | -| --------------------- | :------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------- | -| HTTP Method | `$method` | The allowable values for the `$method` will be those for the HTTP operation. | -| Requested media type | `$request.header.accept` | | -| Request parameter | `$request.path.id` | Request parameters MUST be declared in the `parameters` section of the parent operation or they cannot be evaluated. This includes request headers. | -| Request body property | `$request.body#/user/uuid` | In operations which accept payloads, references may be made to portions of the `requestBody` or the entire body. | -| Request URL | `$url` | | -| Response value | `$response.body#/status` | In operations which return payloads, references may be made to portions of the response body or the entire body. | -| Response header | `$response.header.Server` | Single header values only are available | +| Source Location | example expression | notes | +| ---- | :---- | :---- | +| HTTP Method | `$method` | The allowable values for the `$method` will be those for the HTTP operation. | +| Requested media type | `$request.header.accept` | | +| Request parameter | `$request.path.id` | Request parameters MUST be declared in the `parameters` section of the parent operation or they cannot be evaluated. This includes request headers. | +| Request body property | `$request.body#/user/uuid` | In operations which accept payloads, references may be made to portions of the `requestBody` or the entire body. | +| Request URL | `$url` | | +| Response value | `$response.body#/status` | In operations which return payloads, references may be made to portions of the response body or the entire body. | +| Response header | `$response.header.Server` | Single header values only are available | Runtime expressions preserve the type of the referenced value. Expressions can be embedded into string values by surrounding the expression with `{}` curly braces. @@ -2475,11 +2475,11 @@ The Header Object follows the structure of the [Parameter Object](#parameter-obj These fields MAY be used with either `content` or `schema`. -| Field Name | Type | Description | -| ------------------------------------------- | :-------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| description | `string` | A brief description of the header. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| required | `boolean` | Determines whether this header is mandatory. The default value is `false`. | -| deprecated | `boolean` | Specifies that the header is deprecated and SHOULD be transitioned out of usage. Default value is `false`. | +| Field Name | Type | Description | +| ---- | :----: | ---- | +| description | `string` | A brief description of the header. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| required | `boolean` | Determines whether this header is mandatory. The default value is `false`. | +| deprecated | `boolean` | Specifies that the header is deprecated and SHOULD be transitioned out of usage. Default value is `false`. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -2493,13 +2493,13 @@ Serializing with `schema` is NOT RECOMMENDED for headers with parameters (name=v When `example` or `examples` are provided in conjunction with the `schema` field, the example SHOULD match the specified schema and follow the prescribed serialization strategy for the header. The `example` and `examples` fields are mutually exclusive, and if either is present it SHALL _override_ any `example` in the schema. -| Field Name | Type | Description | -| ------------------------------------- | :--------------------------------------------------------------------------------------: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| style | `string` | Describes how the header value will be serialized. The default (and only legal value for headers) is `"simple"`. | -| explode | `boolean` | When this is true, header values of type `array` or `object` generate a single header whose value is a comma-separated list of the array items or key-value pairs of the map, see [Style Examples](#style-examples). For other data types this field has no effect. The default value is `false`. | -| schema | [Schema Object](#schema-object) \| [Reference Object](#reference-object) | The schema defining the type used for the header. | -| example | Any | Example of the header's potential value; see [Working With Examples](#working-with-examples). | -| examples | Map[ `string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | Examples of the header's potential value; see [Working With Examples](#working-with-examples). | +| Field Name | Type | Description | +| ---- | :----: | ---- | +| style | `string` | Describes how the header value will be serialized. The default (and only legal value for headers) is `"simple"`. | +| explode | `boolean` | When this is true, header values of type `array` or `object` generate a single header whose value is a comma-separated list of the array items or key-value pairs of the map, see [Style Examples](#style-examples). For other data types this field has no effect. The default value is `false`. | +| schema | [Schema Object](#schema-object) \| [Reference Object](#reference-object) | The schema defining the type used for the header. | +| example | Any | Example of the header's potential value; see [Working With Examples](#working-with-examples). | +| examples | Map[ `string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | Examples of the header's potential value; see [Working With Examples](#working-with-examples). | See also [Appendix C: Using RFC6570 Implementations](#appendix-c-using-rfc6570-implementations) for additional guidance. @@ -2508,8 +2508,8 @@ See also [Appendix C: Using RFC6570 Implementations](#appendix-c-using-rfc6570-i For more complex scenarios, the [`content`](#header-content) field can define the media type and schema of the header, as well as give examples of its use. Using `content` with a `text/plain` media type is RECOMMENDED for headers where the `schema` strategy is not appropriate. -| Field Name | Type | Description | -| ----------------------------------- | :--------------------------------------------------: | ----------------------------------------------------------------------------------------------------------------------------------------------- | +| Field Name | Type | Description | +| ---- | :----: | ---- | | content | Map[`string`, [Media Type Object](#media-type-object)] | A map containing the representations for the header. The key is the media type and the value describes it. The map MUST only contain one entry. | ##### Header Object Example @@ -2565,11 +2565,11 @@ It is not mandatory to have a Tag Object per tag defined in the Operation Object ##### Fixed Fields -| Field Name | Type | Description | -| ------------------------------------------ | :-----------------------------------------------------------: | ---------------------------------------------------------------------------------------------------------------------- | -| name | `string` | **REQUIRED**. The name of the tag. | -| description | `string` | A description for the tag. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this tag. | +| Field Name | Type | Description | +| ---- | :----: | ---- | +| name | `string` | **REQUIRED**. The name of the tag. | +| description | `string` | A description for the tag. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this tag. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -2597,8 +2597,8 @@ For this specification, reference resolution is accomplished as defined by the J ##### Fixed Fields -| Field Name | Type | Description | -| ------------------------------- | :------: | ----------------------------------- | +| Field Name | Type | Description | +| ---- | :----: | ---- | | $ref | `string` | **REQUIRED**. The reference string. | This object cannot be extended with additional properties, and any properties added SHALL be ignored. @@ -2691,16 +2691,16 @@ Other than the JSON Schema subset fields, the following fields MAY be used for f ##### Fixed Fields -| Field Name | Type | Description | -| ----------------------------------------------- | :-----------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| nullable | `boolean` | This keyword only takes effect if `type` is explicitly defined within the same Schema Object. A `true` value indicates that both `null` values and values of the type specified by `type` are allowed. Other Schema Object constraints retain their defined behavior, and therefore may disallow the use of `null` as a value. A `false` value leaves the specified or default `type` unmodified. The default value is `false`. | -| discriminator | [Discriminator Object](#discriminator-object) | Adds support for polymorphism. The discriminator is used to determine which of a set of schemas a payload is expected to satisfy. See [Composition and Inheritance](#composition-and-inheritance-polymorphism) for more details. | -| readOnly | `boolean` | Relevant only for Schema Object `properties` definitions. Declares the property as "read only". This means that it MAY be sent as part of a response but SHOULD NOT be sent as part of the request. If the property is marked as `readOnly` being `true` and is in the `required` list, the `required` will take effect on the response only. A property MUST NOT be marked as both `readOnly` and `writeOnly` being `true`. Default value is `false`. | -| writeOnly | `boolean` | Relevant only for Schema Object `properties` definitions. Declares the property as "write only". Therefore, it MAY be sent as part of a request but SHOULD NOT be sent as part of the response. If the property is marked as `writeOnly` being `true` and is in the `required` list, the `required` will take effect on the request only. A property MUST NOT be marked as both `readOnly` and `writeOnly` being `true`. Default value is `false`. | -| xml | [XML Object](#xml-object) | This MAY be used only on property schemas. It has no effect on root schemas. Adds additional metadata to describe the XML representation of this property. | -| externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this schema. | -| example | Any | A free-form field to include an example of an instance for this schema. To represent examples that cannot be naturally represented in JSON or YAML, a string value can be used to contain the example with escaping where necessary. | -| deprecated | `boolean` | Specifies that a schema is deprecated and SHOULD be transitioned out of usage. Default value is `false`. | +| Field Name | Type | Description | +| ---- | :----: | ---- | +| nullable | `boolean` | This keyword only takes effect if `type` is explicitly defined within the same Schema Object. A `true` value indicates that both `null` values and values of the type specified by `type` are allowed. Other Schema Object constraints retain their defined behavior, and therefore may disallow the use of `null` as a value. A `false` value leaves the specified or default `type` unmodified. The default value is `false`. | +| discriminator | [Discriminator Object](#discriminator-object) | Adds support for polymorphism. The discriminator is used to determine which of a set of schemas a payload is expected to satisfy. See [Composition and Inheritance](#composition-and-inheritance-polymorphism) for more details. | +| readOnly | `boolean` | Relevant only for Schema Object `properties` definitions. Declares the property as "read only". This means that it MAY be sent as part of a response but SHOULD NOT be sent as part of the request. If the property is marked as `readOnly` being `true` and is in the `required` list, the `required` will take effect on the response only. A property MUST NOT be marked as both `readOnly` and `writeOnly` being `true`. Default value is `false`. | +| writeOnly | `boolean` | Relevant only for Schema Object `properties` definitions. Declares the property as "write only". Therefore, it MAY be sent as part of a request but SHOULD NOT be sent as part of the response. If the property is marked as `writeOnly` being `true` and is in the `required` list, the `required` will take effect on the request only. A property MUST NOT be marked as both `readOnly` and `writeOnly` being `true`. Default value is `false`. | +| xml | [XML Object](#xml-object) | This MAY be used only on property schemas. It has no effect on root schemas. Adds additional metadata to describe the XML representation of this property. | +| externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this schema. | +| example | Any | A free-form field to include an example of an instance for this schema. To represent examples that cannot be naturally represented in JSON or YAML, a string value can be used to contain the example with escaping where necessary. | +| deprecated | `boolean` | Specifies that a schema is deprecated and SHOULD be transitioned out of usage. Default value is `false`. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -3040,10 +3040,10 @@ Note that `discriminator` MUST NOT change the validation outcome of the schema. ##### Fixed Fields -| Field Name | Type | Description | -| ------------------------------------------- | :---------------------: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| propertyName | `string` | **REQUIRED**. The name of the property in the payload that will hold the discriminating value. This property SHOULD be required in the payload schema, as the behavior when the property is absent is undefined. | -| mapping | Map[`string`, `string`] | An object to hold mappings between payload values and schema names or URI references. | +| Field Name | Type | Description | +| ---- | :----: | ---- | +| propertyName | `string` | **REQUIRED**. The name of the property in the payload that will hold the discriminating value. This property SHOULD be required in the payload schema, as the behavior when the property is absent is undefined. | +| mapping | Map[`string`, `string`] | An object to hold mappings between payload values and schema names or URI references. | ##### Conditions for Using the Discriminator Object @@ -3199,13 +3199,13 @@ See examples for expected behavior. ##### Fixed Fields -| Field Name | Type | Description | -| ------------------------------------ | :-------: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| name | `string` | Replaces the name of the element/attribute used for the described schema property. When defined within `items`, it will affect the name of the individual XML elements within the list. When defined alongside `type` being `"array"` (outside the `items`), it will affect the wrapping element if and only if `wrapped` is `true`. If `wrapped` is `false`, it will be ignored. | -| namespace | `string` | The URI of the namespace definition. Value MUST be in the form of a non-relative URI. | -| prefix | `string` | The prefix to be used for the [name](#xml-name). | -| attribute | `boolean` | Declares whether the property definition translates to an attribute instead of an element. Default value is `false`. | -| wrapped | `boolean` | MAY be used only for an array definition. Signifies whether the array is wrapped (for example, ``) or unwrapped (``). Default value is `false`. The definition takes effect only when defined alongside `type` being `"array"` (outside the `items`). | +| Field Name | Type | Description | +| ---- | :----: | ---- | +| name | `string` | Replaces the name of the element/attribute used for the described schema property. When defined within `items`, it will affect the name of the individual XML elements within the list. When defined alongside `type` being `"array"` (outside the `items`), it will affect the wrapping element if and only if `wrapped` is `true`. If `wrapped` is `false`, it will be ignored. | +| namespace | `string` | The URI of the namespace definition. Value MUST be in the form of a non-relative URI. | +| prefix | `string` | The prefix to be used for the [name](#xml-name). | +| attribute | `boolean` | Declares whether the property definition translates to an attribute instead of an element. Default value is `false`. | +| wrapped | `boolean` | MAY be used only for an array definition. Signifies whether the array is wrapped (for example, ``) or unwrapped (``). Default value is `false`. The definition takes effect only when defined alongside `type` being `"array"` (outside the `items`). | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -3559,16 +3559,16 @@ Please note that as of 2020, the implicit flow is about to be deprecated by [OAu ##### Fixed Fields -| Field Name | Type | Applies To | Description | -| ------------------------------------------------------------- | :-------------------------------------: | ------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| type | `string` | Any | **REQUIRED**. The type of the security scheme. Valid values are `"apiKey"`, `"http"`, `"oauth2"`, `"openIdConnect"`. | -| description | `string` | Any | A description for security scheme. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | -| name | `string` | `apiKey` | **REQUIRED**. The name of the header, query or cookie parameter to be used. | -| in | `string` | `apiKey` | **REQUIRED**. The location of the API key. Valid values are `"query"`, `"header"`, or `"cookie"`. | -| scheme | `string` | `http` | **REQUIRED**. The name of the HTTP Authentication scheme to be used in the [Authorization header as defined in RFC7235](https://tools.ietf.org/html/rfc7235#section-5.1). The values used SHOULD be registered in the [IANA Authentication Scheme registry](https://www.iana.org/assignments/http-authschemes/http-authschemes.xhtml). The value is case-insensitive, as defined in [RFC7235](https://datatracker.ietf.org/doc/html/rfc7235#section-2.1). | -| bearerFormat | `string` | `http` (`"bearer"`) | A hint to the client to identify how the bearer token is formatted. Bearer tokens are usually generated by an authorization server, so this information is primarily for documentation purposes. | -| flows | [OAuth Flows Object](#oauth-flows-object) | `oauth2` | **REQUIRED**. An object containing configuration information for the flow types supported. | -| openIdConnectUrl | `string` | `openIdConnect` | **REQUIRED**. [Well-known URL](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig) to discover the [[OpenID-Connect-Discovery]] [provider metadata](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata). | +| Field Name | Type | Applies To | Description | +| ---- | :----: | ---- | ---- | +| type | `string` | Any | **REQUIRED**. The type of the security scheme. Valid values are `"apiKey"`, `"http"`, `"oauth2"`, `"openIdConnect"`. | +| description | `string` | Any | A description for security scheme. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | +| name | `string` | `apiKey` | **REQUIRED**. The name of the header, query or cookie parameter to be used. | +| in | `string` | `apiKey` | **REQUIRED**. The location of the API key. Valid values are `"query"`, `"header"`, or `"cookie"`. | +| scheme | `string` | `http` | **REQUIRED**. The name of the HTTP Authentication scheme to be used in the [Authorization header as defined in RFC7235](https://tools.ietf.org/html/rfc7235#section-5.1). The values used SHOULD be registered in the [IANA Authentication Scheme registry](https://www.iana.org/assignments/http-authschemes/http-authschemes.xhtml). The value is case-insensitive, as defined in [RFC7235](https://datatracker.ietf.org/doc/html/rfc7235#section-2.1). | +| bearerFormat | `string` | `http` (`"bearer"`) | A hint to the client to identify how the bearer token is formatted. Bearer tokens are usually generated by an authorization server, so this information is primarily for documentation purposes. | +| flows | [OAuth Flows Object](#oauth-flows-object) | `oauth2` | **REQUIRED**. An object containing configuration information for the flow types supported. | +| openIdConnectUrl | `string` | `openIdConnect` | **REQUIRED**. [Well-known URL](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig) to discover the [[OpenID-Connect-Discovery]] [provider metadata](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata). | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -3653,12 +3653,12 @@ Allows configuration of the supported OAuth Flows. ##### Fixed Fields -| Field Name | Type | Description | -| ----------------------------------------------------------- | :-----------------------------------: | ---------------------------------------------------------------------------------------------------- | -| implicit | [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Implicit flow | -| password | [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Resource Owner Password flow | +| Field Name | Type | Description | +| ---- | :----: | ---- | +| implicit | [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Implicit flow | +| password | [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Resource Owner Password flow | | clientCredentials | [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Client Credentials flow. Previously called `application` in OpenAPI 2.0. | -| authorizationCode | [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Authorization Code flow. Previously called `accessCode` in OpenAPI 2.0. | +| authorizationCode | [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Authorization Code flow. Previously called `accessCode` in OpenAPI 2.0. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -3668,12 +3668,12 @@ Configuration details for a supported OAuth Flow ##### Fixed Fields -| Field Name | Type | Applies To | Description | -| -------------------------------------------------------- | :---------------------: | --------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------- | -| authorizationUrl | `string` | `oauth2` (`"implicit"`, `"authorizationCode"`) | **REQUIRED**. The authorization URL to be used for this flow. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. | -| tokenUrl | `string` | `oauth2` (`"password"`, `"clientCredentials"`, `"authorizationCode"`) | **REQUIRED**. The token URL to be used for this flow. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. | -| refreshUrl | `string` | `oauth2` | The URL to be used for obtaining refresh tokens. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. | -| scopes | Map[`string`, `string`] | `oauth2` | **REQUIRED**. The available scopes for the OAuth2 security scheme. A map between the scope name and a short description for it. The map MAY be empty. | +| Field Name | Type | Applies To | Description | +| ---- | :----: | ---- | ---- | +| authorizationUrl | `string` | `oauth2` (`"implicit"`, `"authorizationCode"`) | **REQUIRED**. The authorization URL to be used for this flow. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. | +| tokenUrl | `string` | `oauth2` (`"password"`, `"clientCredentials"`, `"authorizationCode"`) | **REQUIRED**. The token URL to be used for this flow. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. | +| refreshUrl | `string` | `oauth2` | The URL to be used for obtaining refresh tokens. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. | +| scopes | Map[`string`, `string`] | `oauth2` | **REQUIRED**. The available scopes for the OAuth2 security scheme. A map between the scope name and a short description for it. The map MAY be empty. | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -3730,8 +3730,8 @@ When a list of Security Requirement Objects is defined on the [OpenAPI Object](# ##### Patterned Fields -| Field Pattern | Type | Description | -| --------------------------------------------- | :--------: | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Field Pattern | Type | Description | +| ---- | :----: | ---- | | {name} | [`string`] | Each name MUST correspond to a security scheme which is declared in the [Security Schemes](#security-scheme-object) under the [Components Object](#components-object). If the security scheme is of type `"oauth2"` or `"openIdConnect"`, then the value is a list of scope names required for the execution, and the list MAY be empty if authorization does not require a specified scope. For other security scheme types, the array MUST be empty. | ##### Security Requirement Object Examples @@ -3887,9 +3887,9 @@ While the OpenAPI Specification tries to accommodate most use cases, additional The extensions properties are implemented as patterned fields that are always prefixed by `x-`. -| Field Pattern | Type | Description | -| -------------------------------- | :--: | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| ^x- | Any | Allows extensions to the OpenAPI Schema. The field name MUST begin with `x-`, for example, `x-internal-id`. The value can be any valid JSON value (`null`, a primitive, an array, or an object.) | +| Field Pattern | Type | Description | +| ---- | :--: | ---- | +| ^x- | Any | Allows extensions to the OpenAPI Schema. The field name MUST begin with `x-`, for example, `x-internal-id`. The value can be any valid JSON value (`null`, a primitive, an array, or an object.) | The OpenAPI Initiative maintains several [[OpenAPI-Registry|extension registries]], including registries for [individual extension keywords](https://spec.openapis.org/registry/extension/) and [extension keyword namespaces](https://spec.openapis.org/registry/namespace/). @@ -3939,21 +3939,21 @@ Certain fields allow the use of Markdown which can contain HTML including script ## Appendix A: Revision History -| Version | Date | Notes | -| --------- | ---------- | ------------------------------------------------- | -| 3.0.4 | TBD | Patch release of the OpenAPI Specification 3.0.4 | -| 3.0.3 | 2020-02-20 | Patch release of the OpenAPI Specification 3.0.3 | -| 3.0.2 | 2018-10-08 | Patch release of the OpenAPI Specification 3.0.2 | -| 3.0.1 | 2017-12-06 | Patch release of the OpenAPI Specification 3.0.1 | -| 3.0.0 | 2017-07-26 | Release of the OpenAPI Specification 3.0.0 | -| 3.0.0-rc2 | 2017-06-16 | rc2 of the 3.0 specification | -| 3.0.0-rc1 | 2017-04-27 | rc1 of the 3.0 specification | -| 3.0.0-rc0 | 2017-02-28 | Implementer's Draft of the 3.0 specification | -| 2.0 | 2015-12-31 | Donation of Swagger 2.0 to the OpenAPI Initiative | -| 2.0 | 2014-09-08 | Release of Swagger 2.0 | -| 1.2 | 2014-03-14 | Initial release of the formal document. | -| 1.1 | 2012-08-22 | Release of Swagger 1.1 | -| 1.0 | 2011-08-10 | First release of the Swagger Specification | +| Version | Date | Notes | +| ---- | ---- | ---- | +| 3.0.4 | TBD | Patch release of the OpenAPI Specification 3.0.4 | +| 3.0.3 | 2020-02-20 | Patch release of the OpenAPI Specification 3.0.3 | +| 3.0.2 | 2018-10-08 | Patch release of the OpenAPI Specification 3.0.2 | +| 3.0.1 | 2017-12-06 | Patch release of the OpenAPI Specification 3.0.1 | +| 3.0.0 | 2017-07-26 | Release of the OpenAPI Specification 3.0.0 | +| 3.0.0-rc2 | 2017-06-16 | rc2 of the 3.0 specification | +| 3.0.0-rc1 | 2017-04-27 | rc1 of the 3.0 specification | +| 3.0.0-rc0 | 2017-02-28 | Implementer's Draft of the 3.0 specification | +| 2.0 | 2015-12-31 | Donation of Swagger 2.0 to the OpenAPI Initiative | +| 2.0 | 2014-09-08 | Release of Swagger 2.0 | +| 1.2 | 2014-03-14 | Initial release of the formal document. | +| 1.1 | 2012-08-22 | Release of Swagger 1.1 | +| 1.0 | 2011-08-10 | First release of the Swagger Specification | ## Appendix B: Data Type Conversion @@ -3987,10 +3987,10 @@ Requiring input as pre-formatted, schema-validated strings also improves round-t Serialization is defined in terms of [RFC6570](https://www.rfc-editor.org/rfc/rfc6570) URI Templates in two scenarios: -| Object | Condition | -| ------------------------------------ | ---------------------------------------------------------------------------------------------------------------- | -| [Parameter Object](#parameter-object) | When `schema` is present | -| [Encoding Object](#encoding-object) | When encoding for `application/x-www-form-urlencoded` and any of `style`, `explode`, or `allowReserved` are used | +| Object | Condition | +| ---- | ---- | +| [Parameter Object](#parameter-object) | When `schema` is present | +| [Encoding Object](#encoding-object) | When encoding for `application/x-www-form-urlencoded` and any of `style`, `explode`, or `allowReserved` are used | Implementations of this specification MAY use an implementation of RFC6570 to perform variable expansion, however, some caveats apply. @@ -4003,16 +4003,16 @@ Using an implementation with a lower level of support will require additional ma Certain field values translate to RFC6570 [operators](https://datatracker.ietf.org/doc/html/rfc6570#section-2.2) (or lack thereof): -| field | value | equivalent | -| ------------- | ---------- | ------------------- | -| style | `"simple"` | _n/a_ | -| style | `"matrix"` | `;` prefix operator | -| style | `"label"` | `.` prefix operator | -| style | `"form"` | `?` prefix operator | -| allowReserved | `false` | _n/a_ | -| allowReserved | `true` | `+` prefix operator | -| explode | `false` | _n/a_ | -| explode | `true` | `*` modifier suffix | +| field | value | equivalent | +| ---- | ---- | ---- | +| style | `"simple"` | _n/a_ | +| style | `"matrix"` | `;` prefix operator | +| style | `"label"` | `.` prefix operator | +| style | `"form"` | `?` prefix operator | +| allowReserved | `false` | _n/a_ | +| allowReserved | `true` | `+` prefix operator | +| explode | `false` | _n/a_ | +| explode | `true` | `*` modifier suffix | Multiple `style: "form"` parameters are equivalent to a single RFC6570 [variable list](https://www.rfc-editor.org/rfc/rfc6570#section-2.2) using the `?` prefix operator: @@ -4283,11 +4283,11 @@ Unfortunately, these specifications each define slightly different percent-encod This specification normatively cites the following relevant standards: -| Specification | Date | OAS Usage | Percent-Encoding | Notes | -| ---------------------------------------------------------------------- | ------- | --------------------------- | ---------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| [RFC3986](https://www.rfc-editor.org/rfc/rfc3986) | 01/2005 | URI/URL syntax | [[RFC3986]] | obsoletes [[RFC1738]], [[RFC2396]] | -| [RFC6570](https://www.rfc-editor.org/rfc/rfc6570) | 03/2012 | style-based serialization | [[RFC3986]] | does not use `+` for form‑urlencoded | -| [RFC1866](https://datatracker.ietf.org/doc/html/rfc1866#section-8.2.1) | 11/1995 | content-based serialization | [[RFC1738]] | obsoleted by [[HTML401]] [Section 17.13.4.1](https://www.w3.org/TR/html401/interact/forms.html#h-17.13.4.1), [[URL]] [Section 5](https://url.spec.whatwg.org/#urlencoded-serializing) | +| Specification | Date | OAS Usage | Percent-Encoding | Notes | +| ---- | ---- | ---- | ---- | ---- | +| [RFC3986](https://www.rfc-editor.org/rfc/rfc3986) | 01/2005 | URI/URL syntax | [[RFC3986]] | obsoletes [[RFC1738]], [[RFC2396]] | +| [RFC6570](https://www.rfc-editor.org/rfc/rfc6570) | 03/2012 | style-based serialization | [[RFC3986]] | does not use `+` for form‑urlencoded | +| [RFC1866](https://datatracker.ietf.org/doc/html/rfc1866#section-8.2.1) | 11/1995 | content-based serialization | [[RFC1738]] | obsoleted by [[HTML401]] [Section 17.13.4.1](https://www.w3.org/TR/html401/interact/forms.html#h-17.13.4.1), [[URL]] [Section 5](https://url.spec.whatwg.org/#urlencoded-serializing) | Style-based serialization is used in the [Parameter Object](#parameter-object) when `schema` is present, and in the [Encoding Object](#encoding-object) when at least one of `style`, `explode`, or `allowReserved` is present. See [Appendix C](#appendix-c-using-rfc6570-implementations) for more details of RFC6570's two different approaches to percent-encoding, including an example involving `+`. From 925879dc2d73699ca90426d3b7058923b6e54d3f Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Fri, 30 Aug 2024 09:24:23 +0200 Subject: [PATCH 220/251] Absent, empty, or incomplete security list --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index f91190b457..d6b36a44c2 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -258,7 +258,7 @@ This is the root object of the [OpenAPI document](#openapi-description). | servers | [[Server Object](#server-object)] | An array of Server Objects, which provide connectivity information to a target server. If the `servers` field is not provided, or is an empty array, the default value would be a [Server Object](#server-object) with a [url](#server-url) value of `/`. | | paths | [Paths Object](#paths-object) | **REQUIRED**. The available paths and operations for the API. | | components | [Components Object](#components-object) | An element to hold various schemas for the document. | -| security | [[Security Requirement Object](#security-requirement-object)] | A declaration of which security mechanisms can be used across the API. The list of values includes alternative Security Requirement Objects that can be used. Only one of the Security Requirement Objects need to be satisfied to authorize a request. Individual operations can override this definition. To make security optional, an empty security requirement (`{}`) can be included in the array. | +| security | [[Security Requirement Object](#security-requirement-object)] | A declaration of which security mechanisms can be used across the API. The list of values includes alternative Security Requirement Objects that can be used. Only one of the Security Requirement Objects need to be satisfied to authorize a request. Individual operations can override this definition. The list can be incomplete, up to being empty or absent. To make security explicitly optional, an empty security requirement (`{}`) can be included in the array. | | tags | [[Tag Object](#tag-object)] | A list of tags used by the document with additional metadata. The order of the tags can be used to reflect on their order by the parsing tools. Not all tags that are used by the [Operation Object](#operation-object) must be declared. The tags that are not declared MAY be organized randomly or based on the tools' logic. Each tag name in the list MUST be unique. | | externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation. | From e37f64089cf2ee989ed1a0c3f7b6227e8c7b22c6 Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Fri, 30 Aug 2024 10:00:11 +0200 Subject: [PATCH 221/251] SpecRef reference for Draft Wright-00 --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index f91190b457..e11ca0a7fa 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -2643,7 +2643,7 @@ $ref: definitions.yaml#/Pet The Schema Object allows the definition of input and output data types. These types can be objects, but also primitives and arrays. -This object is an extended subset of the [JSON Schema Specification Draft Wright-00](https://json-schema.org/). +This object is an extended subset of the [[JSON-Schema-05|JSON Schema Specification Draft Wright-00]]. For more information about the keywords, see [JSON Schema Core](https://tools.ietf.org/html/draft-wright-json-schema-00) and [JSON Schema Validation](https://tools.ietf.org/html/draft-wright-json-schema-validation-00). Unless stated otherwise, the keyword definitions follow those of JSON Schema and do not add any additional semantics. From 312434e693bcd7156dc9e6dc9b294b2c8fc65f46 Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Fri, 30 Aug 2024 11:57:34 +0200 Subject: [PATCH 222/251] Port the undisputed parts of #2140 --- versions/3.0.4.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index f91190b457..2d983a3209 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -445,7 +445,7 @@ The following shows how variables can be used for a server configuration: "variables": { "username": { "default": "demo", - "description": "this value is assigned by the service provider, in this example `gigantic-server.com`" + "description": "A user-specific subdomain. Use `demo` for a free sandbox environment." }, "port": { "enum": ["8443", "443"], @@ -468,7 +468,7 @@ servers: username: # note! no enum here means it is an open value default: demo - description: this value is assigned by the service provider, in this example `gigantic-server.com` + description: A user-specific subdomain. Use `demo` for a free sandbox environment. port: enum: - '8443' @@ -488,7 +488,7 @@ An object representing a Server Variable for server URL template substitution. | Field Name | Type | Description | | ---- | :----: | ---- | | enum | [`string`] | An enumeration of string values to be used if the substitution options are from a limited set. The array SHOULD NOT be empty. | -| default | `string` | **REQUIRED**. The default value to use for substitution, which SHALL be sent if an alternate value is _not_ supplied. Note this behavior is different than the [Schema Object's](#schema-object) treatment of default values, because in those cases parameter values are optional. If the [`enum`](#server-variable-enum) is defined, the value SHOULD exist in the enum's values. | +| default | `string` | **REQUIRED**. The default value to use for substitution, which SHALL be sent if an alternate value is _not_ supplied. If the [`enum`](#server-variable-enum) is defined, the value SHOULD exist in the enum's values. | | description | `string` | An optional description for the server variable. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | This object MAY be extended with [Specification Extensions](#specification-extensions). From eb6eefcc8eed880a6744e774c6881b491b67f32d Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Tue, 3 Sep 2024 09:20:20 +0200 Subject: [PATCH 223/251] @handrews' proposal, slightly adjusted --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 2d983a3209..7eda3ef459 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -488,7 +488,7 @@ An object representing a Server Variable for server URL template substitution. | Field Name | Type | Description | | ---- | :----: | ---- | | enum | [`string`] | An enumeration of string values to be used if the substitution options are from a limited set. The array SHOULD NOT be empty. | -| default | `string` | **REQUIRED**. The default value to use for substitution, which SHALL be sent if an alternate value is _not_ supplied. If the [`enum`](#server-variable-enum) is defined, the value SHOULD exist in the enum's values. | +| default | `string` | **REQUIRED**. The default value to use for substitution, which SHALL be sent if an alternate value is _not_ supplied. If the [`enum`](#server-variable-enum) is defined, the value SHOULD exist in the enum's values. Note that this behavior is different from the [Schema Object](#schema-object)'s `default` keyword, which documents the receiver's behavior rather than inserting the value into the data. | | description | `string` | An optional description for the server variable. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | This object MAY be extended with [Specification Extensions](#specification-extensions). From 9ddc3066642072c2c7647bdae5401341b9f4f3a3 Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Fri, 6 Sep 2024 09:45:49 +0200 Subject: [PATCH 224/251] Remove script that is only needed for editing --- package.json | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/package.json b/package.json index 65b9bfe6f8..4699ca7e86 100644 --- a/package.json +++ b/package.json @@ -42,8 +42,5 @@ "Swagger", "schema", "API" - ], - "scripts": { - "format-markdown": "bash ./scripts/format-markdown.sh ./versions/3.0.4.md" - } + ] } From 54a796582094f92538370d23c5f894de0b01494e Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Fri, 6 Sep 2024 09:49:40 +0200 Subject: [PATCH 225/251] Tested on Windows --- scripts/format-markdown.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/format-markdown.sh b/scripts/format-markdown.sh index c04b971945..3cbe50b68e 100644 --- a/scripts/format-markdown.sh +++ b/scripts/format-markdown.sh @@ -1,6 +1,6 @@ #!/bin/bash -SRCDIR="$(dirname "${BASH_SOURCE[0]}")" # check on Windows +SRCDIR="$(dirname "${BASH_SOURCE[0]}")" for filename in $*; do # mostly to format code blocks with examples, unfortunately messes up bullet lists and tables From 0dd1b3221e36019c2bf16de51a3b930d598b7f7a Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Fri, 6 Sep 2024 09:51:37 +0200 Subject: [PATCH 226/251] Make script executable --- scripts/format-markdown.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 scripts/format-markdown.sh diff --git a/scripts/format-markdown.sh b/scripts/format-markdown.sh old mode 100644 new mode 100755 From cc8df9d53fc79c18a1779cd88e6762a885ff1fb4 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Sat, 7 Sep 2024 09:07:05 -0700 Subject: [PATCH 227/251] Clarify complete vs self-contained documents --- versions/3.0.4.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 46005e9eb7..086de31642 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -121,7 +121,9 @@ In order to preserve the ability to round-trip between YAML and JSON formats, YA An OpenAPI Description (OAD) MAY be made up of a single document or be divided into multiple, connected parts at the discretion of the author. In the latter case, [Reference Object](#reference-object) and [Path Item Object](#path-item-object) `$ref` keywords, as well as the [Link Object](#link-object) `operationRef` keyword, are used. -Any document consisting entirely of an [OpenAPI Object](#openapi-object) is known as a **complete OpenAPI document**. +Any document consisting entirely of an [OpenAPI Object](#openapi-object) is known as a **syntactically complete OpenAPI document**. +An OpenAPI document that does ***not*** reference any other documents is known as a **self-contained OpenAPI document.*** +A single-document description is therefore _both_ syntactically complete _and_ self-contained. In a multi-document description, the document containing the OpenAPI Object where parsing begins for a specific API's description is known as that API's **entry OpenAPI document**, or simply **entry document**. It is RECOMMENDED that the entry OpenAPI document be named: `openapi.json` or `openapi.yaml`. @@ -130,7 +132,7 @@ It is RECOMMENDED that the entry OpenAPI document be named: `openapi.json` or `o When parsing an OAD, JSON or YAML objects are parsed into specific Objects (such as [Operation Objects](#operation-object), [Response Objects](#response-object), [Reference Objects](#reference-object), etc.) based on the parsing context. Depending on how references are arranged, a given JSON or YAML object can be parsed in multiple different contexts: -* As a complete OpenAPI Description document +* As a syntactically complete OpenAPI Description document * As the Object type implied by its parent Object within the document * As a reference target, with the Object type matching the reference source's context From c11668cd4eed364256a6ed46b150d393794a6d3b Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Sat, 7 Sep 2024 18:41:17 +0200 Subject: [PATCH 228/251] Update versions/3.0.4.md --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 086de31642..8bffc966e6 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -122,7 +122,7 @@ In order to preserve the ability to round-trip between YAML and JSON formats, YA An OpenAPI Description (OAD) MAY be made up of a single document or be divided into multiple, connected parts at the discretion of the author. In the latter case, [Reference Object](#reference-object) and [Path Item Object](#path-item-object) `$ref` keywords, as well as the [Link Object](#link-object) `operationRef` keyword, are used. Any document consisting entirely of an [OpenAPI Object](#openapi-object) is known as a **syntactically complete OpenAPI document**. -An OpenAPI document that does ***not*** reference any other documents is known as a **self-contained OpenAPI document.*** +An OpenAPI document that does _not_ reference any other documents is known as a **self-contained OpenAPI document**. A single-document description is therefore _both_ syntactically complete _and_ self-contained. In a multi-document description, the document containing the OpenAPI Object where parsing begins for a specific API's description is known as that API's **entry OpenAPI document**, or simply **entry document**. From e79968952e7bb531b863ff201f12dabf4c520303 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Mon, 9 Sep 2024 13:46:18 -0700 Subject: [PATCH 229/251] Further clarify link operation ambiguity There are even more ways this can go wrong! --- versions/3.0.4.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 46005e9eb7..e61c2b1937 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -2310,9 +2310,10 @@ For computing links and providing instructions to execute them, a [runtime expre This object MAY be extended with [Specification Extensions](#specification-extensions). A linked operation MUST be identified using either an `operationRef` or `operationId`. -In the case of an `operationId`, it MUST be unique and resolved in the scope of the OpenAPI description. -Because of the potential for name clashes, the `operationRef` syntax is preferred -for multi-document OpenAPI descriptions. +The identified or reference operation MUST be unique, and in the case of an `operationId`, it MUST be resolved within the scope of the OpenAPI Description (OAD). +Because of the potential for name clashes, the `operationRef` syntax is preferred for multi-document OADs. +However, because use of an operation depends on its URL path template in the [Paths Object](#paths-object), operations from any [Path Item Object](#path-item-object) that is referenced multiple times within the OAD cannot be resolved unambiguously. +In such ambiguous cases, the resulting behavior is implementation-defined and MAY result in an error. Note that it is not possible to provide a constant value to `parameters` that matches the syntax of a runtime expression. It is possible to have ambiguous parameter names, e.g. `name: "id", in: "path"` and `name: "path.id", in: "query"`; this is NOT RECOMMENDED and the behavior is implementation-defined, however implementations SHOULD prefer the qualified interpretation (`path.id` as a path parameter), as the names can always be qualified to disambiguate them (e.g. using `query.path.id` for the query parameter). From 3ee24a75ae974393a464bbe491abed0255bb3c3e Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Wed, 11 Sep 2024 09:01:42 -0700 Subject: [PATCH 230/251] Minor param serialization and wording fixes * Explicitly set `explode: false` in an example as the default with `style: form` is `explode: true`; the `explode: true` example was also left explicit to reduce confusion. * Tidy up overly conversational (e.g. "our document") language that I'd meant to revisit but forgot about. * Include the Header Object as one of the places where the `style` keyword is used (even if it is the simplest case) * Minor grammar fix. * Fix a missing space before an RFC reference. --- versions/3.0.4.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 46005e9eb7..e5f112c268 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -3789,7 +3789,7 @@ security: See [Resolving Implicit Connections](#resolving-implicit-connections) for more information. -First, our [entry document](#openapi-description-structure) is where parsing begins. It defines the `MySecurity` security scheme to be JWT-based, and it defines a Path Item as a reference to a component in another document: +First, the [entry document](#openapi-description-structure) is where parsing begins. It defines the `MySecurity` security scheme to be JWT-based, and it defines a Path Item as a reference to a component in another document: ```HTTP GET /api/description/openapi HTTP/1.1 @@ -3832,7 +3832,7 @@ paths: $ref: 'other#/components/pathItems/Foo' ``` -Next, we have our referenced document, `other`. The fact that we don't use file extensions gives the client the flexibility to choose an acceptable format on a resource-by-resource basis, assuming both representations are available: +This entry document references another document, `other`, without using a file extension. This gives the client the flexibility to choose an acceptable format on a resource-by-resource basis, assuming both representations are available: ```HTTP GET /api/description/other HTTP/1.1 @@ -3985,11 +3985,12 @@ Requiring input as pre-formatted, schema-validated strings also improves round-t ## Appendix C: Using RFC6570 Implementations -Serialization is defined in terms of [RFC6570](https://www.rfc-editor.org/rfc/rfc6570) URI Templates in two scenarios: +Serialization is defined in terms of [RFC6570](https://www.rfc-editor.org/rfc/rfc6570) URI Templates in three scenarios: | Object | Condition | | ---- | ---- | | [Parameter Object](#parameter-object) | When `schema` is present | +| [Header Object](#header-object) | When `schema` is present | | [Encoding Object](#encoding-object) | When encoding for `application/x-www-form-urlencoded` and any of `style`, `explode`, or `allowReserved` are used | Implementations of this specification MAY use an implementation of RFC6570 to perform variable expansion, however, some caveats apply. @@ -4032,7 +4033,7 @@ parameters: This example is equivalent to RFC6570's `{?foo*,bar}`, and **_NOT_** `{?foo*}{&bar}`. The latter is problematic because if `foo` is not defined, the result will be an invalid URI. The `&` prefix operator has no equivalent in the Parameter Object. -Note that RFC6570 does not specify behavior for compound values beyond the single level addressed by `explode`. The results of using objects or arrays where no behavior is clearly specified for them is implementation-defined. +Note that RFC6570 does not specify behavior for compound values beyond the single level addressed by `explode`. The result of using objects or arrays where no behavior is clearly specified for them is implementation-defined. ### Non-RFC6570 Field Values and Combinations @@ -4114,6 +4115,7 @@ parameters: - name: words in: query style: spaceDelimited + explode: false schema: type: array items: @@ -4321,7 +4323,7 @@ However, care must be taken to use `form-urlencoded` decoding if `+` represents ### Percent-Encoding and Illegal or Reserved Delimiters -The `[`, `]`, `|`, and space characters, which are used as delimiters for the `deepObject`, `pipeDelimited`, and `spaceDelimited` styles, respectively, all MUST be percent-encoded to comply with[[RFC3986]]. +The `[`, `]`, `|`, and space characters, which are used as delimiters for the `deepObject`, `pipeDelimited`, and `spaceDelimited` styles, respectively, all MUST be percent-encoded to comply with [[RFC3986]]. This requires users to pre-encode the character(s) in some other way in parameter names and values to distinguish them from the delimiter usage when using one of these styles. The space character is always illegal and encoded in some way by all implementations of all versions of the relevant standards. From af8f02c52cea1d8e0dc1cf326d2e2629d7f0711e Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Wed, 11 Sep 2024 20:11:02 -0700 Subject: [PATCH 231/251] Don't use both bold and italics Style guide conformance. --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index e5f112c268..b2d9e4cccb 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -4030,7 +4030,7 @@ parameters: type: string ``` -This example is equivalent to RFC6570's `{?foo*,bar}`, and **_NOT_** `{?foo*}{&bar}`. The latter is problematic because if `foo` is not defined, the result will be an invalid URI. +This example is equivalent to RFC6570's `{?foo*,bar}`, and **NOT** `{?foo*}{&bar}`. The latter is problematic because if `foo` is not defined, the result will be an invalid URI. The `&` prefix operator has no equivalent in the Parameter Object. Note that RFC6570 does not specify behavior for compound values beyond the single level addressed by `explode`. The result of using objects or arrays where no behavior is clearly specified for them is implementation-defined. From 4859b03e5f1e87a7d3b2fc600a3551ba539ef6c9 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Wed, 11 Sep 2024 20:32:49 -0700 Subject: [PATCH 232/251] Further guidance on RFC6570 and delimiters Also give Appendix C a better name because it is relevant whether you are using an actual RFC6570 implementation or not. --- versions/3.0.4.md | 29 +++++++++++++++++++---------- 1 file changed, 19 insertions(+), 10 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 46005e9eb7..5043df90c2 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1095,12 +1095,12 @@ Serializing with `schema` is NOT RECOMMENDED for `in: "cookie"` parameters, `in: | ---- | :----: | ---- | | style | `string` | Describes how the parameter value will be serialized depending on the type of the parameter value. Default values (based on value of `in`): for `"query"` - `"form"`; for `"path"` - `"simple"`; for `"header"` - `"simple"`; for `"cookie"` - `"form"`. | | explode | `boolean` | When this is true, parameter values of type `array` or `object` generate separate parameters for each value of the array or key-value pair of the map. For other types of parameters this field has no effect. When [`style`](#parameter-style) is `"form"`, the default value is `true`. For all other styles, the default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. | -| allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#section-3.2.3), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#section-3.4) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#appendix-c-using-rfc6570-implementations) and [E](#appendix-e-percent-encoding-and-form-media-types) for details. This field only applies to parameters with an `in` value of `query`. The default value is `false`. | +| allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#section-3.2.3), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#section-3.4) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#appendix-c-using-rfc6570-based-serialization) and [E](#appendix-e-percent-encoding-and-form-media-types) for details. This field only applies to parameters with an `in` value of `query`. The default value is `false`. | | schema | [Schema Object](#schema-object) \| [Reference Object](#reference-object) | The schema defining the type used for the parameter. | | example | Any | Example of the parameter's potential value; see [Working With Examples](#working-with-examples). | | examples | Map[ `string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | Examples of the parameter's potential value; see [Working With Examples](#working-with-examples). | -See also [Appendix C: Using RFC6570 Implementations](#appendix-c-using-rfc6570-implementations) for additional guidance. +See also [Appendix C: Using RFC6570-Based Serialization](#appendix-c-using-rfc6570-based-serialization) for additional guidance. ###### Fixed Fields for use with `content` @@ -1142,7 +1142,7 @@ The following table shows examples, as would be shown with the `example` or `exa * The value _empty_ denotes the empty string, and is unrelated to the `allowEmptyValue` field * The behavior of combinations marked _n/a_ is undefined * The `undefined` column replaces the `empty` column in previous versions of this specification in order to better align with [RFC6570](https://www.rfc-editor.org/rfc/rfc6570.html#section-2.3) terminology, which describes certain values including but not limited to `null` as "undefined" values with special handling; notably, the empty string is _not_ undefined -* For `form` and the non-RFC6570 query string styles `spaceDelimited`, `pipeDelimited`, and `deepObject`, each example is shown prefixed with `?` as if it were the only query parameter; see [Appendix C](#appendix-c-using-rfc6570-implementations) for more information on constructing query strings from multiple parameters, and [Appendix D](#appendix-d-serializing-headers-and-cookies) for warnings regarding `form` and cookie parameters +* For `form` and the non-RFC6570 query string styles `spaceDelimited`, `pipeDelimited`, and `deepObject`, each example is shown prefixed with `?` as if it were the only query parameter; see [Appendix C](#appendix-c-using-rfc6570-based-serialization) for more information on constructing query strings from multiple parameters, and [Appendix D](#appendix-d-serializing-headers-and-cookies) for warnings regarding `form` and cookie parameters * Note that the `?` prefix is not appropriate for serializing `application/x-www-form-urlencoded` HTTP message bodies, and MUST be stripped or (if constructing the string manually) not added when used in that context; see the [Encoding Object](#encoding-object) for more information * The examples are percent-encoded as required by RFC6570 and RFC3986; see [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for a thorough discussion of percent-encoding concerns, including why unencoded `|` (`%7C`), `[` (`%5B`), and `]` (`%5D`) seem to work in some environments despite not being compliant. @@ -1589,9 +1589,9 @@ See [Appendix B](#appendix-b-data-type-conversion) for a discussion of data type | ---- | :----: | ---- | | style | `string` | Describes how a specific property value will be serialized depending on its type. See [Parameter Object](#parameter-object) for details on the [`style`](#parameter-style) field. The behavior follows the same values as `query` parameters, including default values. Note that the initial `?` used in query strings is not used in `application/x-www-form-urlencoded` message bodies, and MUST be removed (if using an RFC6570 implementation) or simply not added (if constructing the string manually). This field SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. | | explode | `boolean` | When this is true, property values of type `array` or `object` generate separate parameters for each value of the array, or key-value-pair of the map. For other types of properties this field has no effect. When [`style`](#encoding-style) is `"form"`, the default value is `true`. For all other styles, the default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. This field SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. | -| allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#section-3.2.3), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#section-3.4) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#appendix-c-using-rfc6570-implementations) and [E](#appendix-e-percent-encoding-and-form-media-types) for details. The default value is `false`. This field SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. | +| allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#section-3.2.3), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#section-3.4) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#appendix-c-using-rfc6570-based-serialization) and [E](#appendix-e-percent-encoding-and-form-media-types) for details. The default value is `false`. This field SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. | -See also [Appendix C: Using RFC6570 Implementations](#appendix-c-using-rfc6570-implementations) for additional guidance. +See also [Appendix C: Using RFC6570-Based Serialization](#appendix-c-using-rfc6570-based-serialization) for additional guidance. The role of `contentType` with `application/x-www-form-urlencoded` request bodies was not described in detail in version 3.0.3 and earlier of this specification. To match the intent of these fields and be compatible with version 3.1 of this specification, it is RECOMMENDED that whenever any of `style`, `explode`, or `allowReserved` are present with an explicit value: @@ -2501,7 +2501,7 @@ The `example` and `examples` fields are mutually exclusive, and if either is pre | example | Any | Example of the header's potential value; see [Working With Examples](#working-with-examples). | | examples | Map[ `string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | Examples of the header's potential value; see [Working With Examples](#working-with-examples). | -See also [Appendix C: Using RFC6570 Implementations](#appendix-c-using-rfc6570-implementations) for additional guidance. +See also [Appendix C: Using RFC6570-Based Serialization](#appendix-c-using-rfc6570-based-serialization) for additional guidance. ###### Fixed Fields for use with `content` @@ -3983,7 +3983,7 @@ However, care must be taken with `format` to ensure that the specific formats ar Requiring input as pre-formatted, schema-validated strings also improves round-trip interoperability as not all programming languages and environments support the same data types. -## Appendix C: Using RFC6570 Implementations +## Appendix C: Using RFC6570-Based Serialization Serialization is defined in terms of [RFC6570](https://www.rfc-editor.org/rfc/rfc6570) URI Templates in two scenarios: @@ -4034,6 +4034,15 @@ The `&` prefix operator has no equivalent in the Parameter Object. Note that RFC6570 does not specify behavior for compound values beyond the single level addressed by `explode`. The results of using objects or arrays where no behavior is clearly specified for them is implementation-defined. +### Delimiters in Parameter Values + +Delimiters used by RFC6570 expansion, such as the `,` used to join arrays or object values with `style: "simple"`, are all automatically percent-encoded as long as `allowReserved` is `false`. +Note that since RFC6570 does not define a way to parse variables based on a URI Template, users must take care to first split values by delimiter before percent-decoding values that might contain the delimiter character. + +When `allowReserved` is `true`, both percent-encoding (prior to joining values with a delimiter) and percent-decoding (after splitting on the delimiter) must be done manually at the correct time. + +See [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for additional guidance on handling delimiters for `style` values with no RFC6570 equivalent that already need to be percent-encoded when used as delimiters. + ### Non-RFC6570 Field Values and Combinations Configurations with no direct [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570) equivalent SHOULD also be handled according to RFC6570. @@ -4239,7 +4248,7 @@ With `style: "simple"`, that delimiter would itself be percent-encoded, violatin Using `style: "form"` with `in: "cookie"` is ambiguous for a single value, and incorrect for multiple values. This is true whether the multiple values are the result of using `explode: true` or not. -This style is specified to be equivalent to RFC6570 form expansion which includes the `?` character (see [Appendix C](#appendix-c-using-rfc6570-implementations) for more details), which is not part of the cookie syntax. +This style is specified to be equivalent to RFC6570 form expansion which includes the `?` character (see [Appendix C](#appendix-c-using-rfc6570-based-serialization) for more details), which is not part of the cookie syntax. However, examples of this style in past versions of this specification have not included the `?` prefix, suggesting that the comparison is not exact. Because implementations that rely on an RFC6570 implementation and those that perform custom serialization based on the style example will produce different results, it is implementation-defined as to which of the two results is correct. @@ -4266,7 +4275,7 @@ Reserved characters with no special meaning defined within a component can be le However, other specifications can define special meanings, requiring percent-encoding for those characters outside of the additional special meanings. The `form-urlencoded` media type defines special meanings for `=` and `&` as delimiters, and `+` as the replacement for the space character (instead of its percent-encoded form of `%20`). -This means that while these three characters are reserved-but-allowed in query strings by RFC3986, they must be percent-encoded in `form-urlencoded` query strings except when used for their `form-urlencoded` purposes; see [Appendix C](#appendix-c-using-rfc6570-implementations) for an example of handling `+` in form values. +This means that while these three characters are reserved-but-allowed in query strings by RFC3986, they must be percent-encoded in `form-urlencoded` query strings except when used for their `form-urlencoded` purposes; see [Appendix C](#appendix-c-using-rfc6570-based-serialization) for an example of handling `+` in form values. ### Percent-Encoding and `form-data` @@ -4290,7 +4299,7 @@ This specification normatively cites the following relevant standards: | [RFC1866](https://datatracker.ietf.org/doc/html/rfc1866#section-8.2.1) | 11/1995 | content-based serialization | [[RFC1738]] | obsoleted by [[HTML401]] [Section 17.13.4.1](https://www.w3.org/TR/html401/interact/forms.html#h-17.13.4.1), [[URL]] [Section 5](https://url.spec.whatwg.org/#urlencoded-serializing) | Style-based serialization is used in the [Parameter Object](#parameter-object) when `schema` is present, and in the [Encoding Object](#encoding-object) when at least one of `style`, `explode`, or `allowReserved` is present. -See [Appendix C](#appendix-c-using-rfc6570-implementations) for more details of RFC6570's two different approaches to percent-encoding, including an example involving `+`. +See [Appendix C](#appendix-c-using-rfc6570-based-serialization) for more details of RFC6570's two different approaches to percent-encoding, including an example involving `+`. Content-based serialization is defined by the [Media Type Object](#media-type-object), and used with the [Parameter Object](#parameter-object) when the `content` field is present, and with the [Encoding Object](#encoding-object) based on the `contentType` field when the fields `style`, `explode`, and `allowReserved` are absent. Each part is encoded based on the media type (e.g. `text/plain` or `application/json`), and must then be percent-encoded for use in a `form-urlencoded` string. From 6eda0990347b2ad9bcb6fc235b52ab0810ffcc4b Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Thu, 12 Sep 2024 09:30:41 -0700 Subject: [PATCH 233/251] Move complex Sec Req example to appendix F The extended example with a multi-document OAD and a Security Requirement in the referenced document did to fit well where it was, and there wasn't room in the Resolving Implicit Connections area. So this moves it to an Appendix linked from both locations. --- versions/3.0.4.md | 196 +++++++++++++++++++++++----------------------- 1 file changed, 99 insertions(+), 97 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 1b1610048a..f4f3f8c379 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -171,7 +171,7 @@ The interface approach can also work for Discriminator Objects and Schema Object There are no URI-based alternatives for the Security Requirement Object or for the Operation Object's `tags` field. These limitations are expected to be addressed in a future release. -See [Security Requirement in a Referenced Document](#security-requirement-in-a-referenced-document) for an example of the possible resolutions, including which one is recommended by this section. +See [Appendix F: Resolving Security Requirements in a Referenced Document](#appendix-f-resolving-security-requirements-in-a-referenced-document) for an example of the possible resolutions, including which one is recommended by this section. The behavior for Discrimator Object non-URI mappings and for the Operation Object's `tags` field operate on the same principles. Note that no aspect of implicit connection resolution changes how [URLs are resolved](#relative-references-in-urls) or restricts their possible targets. @@ -3739,6 +3739,8 @@ When a list of Security Requirement Objects is defined on the [OpenAPI Object](# ##### Security Requirement Object Examples +See also [Appendix F: Resolving Security Requirements in a Referenced Document](#appendix-f-resolving-security-requirements-in-a-referenced-document) for an example using Security Requirement Objects in multi-document OpenAPI Descriptions. + ###### Non-OAuth2 Security Requirement ```json @@ -3788,102 +3790,6 @@ security: - read:pets ``` -###### Security Requirement in a Referenced Document - -See [Resolving Implicit Connections](#resolving-implicit-connections) for more information. - -First, the [entry document](#openapi-description-structure) is where parsing begins. It defines the `MySecurity` security scheme to be JWT-based, and it defines a Path Item as a reference to a component in another document: - -```HTTP -GET /api/description/openapi HTTP/1.1 -Host: www.example.com -Accept: application/openapi+json -``` - -```json -"components": { - "securitySchemes": { - "MySecurity": { - "type": "http", - "scheme": "bearer", - "bearerFormat": "JWT" - } - } -}, -"paths": { - "/foo": { - "$ref": "other#/components/pathItems/Foo" - } -} -``` - -```HTTP -GET /api/description/openapi HTTP/1.1 -Host: www.example.com -Accept: application/openapi+yaml -``` - -```yaml -components: - securitySchemes: - MySecurity: - type: http - scheme: bearer - bearerFormat: JWT -paths: - /foo: - $ref: 'other#/components/pathItems/Foo' -``` - -This entry document references another document, `other`, without using a file extension. This gives the client the flexibility to choose an acceptable format on a resource-by-resource basis, assuming both representations are available: - -```HTTP -GET /api/description/other HTTP/1.1 -Host: www.example.com -Accept: application/openapi+json -``` - -```json -"components": { - "securitySchemes": { - "MySecurity": { - "type": "http", - "scheme": "basic" - } - }, - "pathItems": { - "Foo": { - "get": { - "security": [ - "MySecurity": [] - ] - } - } - } -} -``` - -```HTTP -GET /api/description/other HTTP/1.1 -Host: www.example.com -Accept: application/openapi+yaml -``` - -```yaml -components: - securitySchemes: - MySecurity: - type: http - scheme: basic - pathItems: - Foo: - get: - security: - - MySecurity: [] -``` - -In the `other` document, the referenced path item has a Security Requirement for a Security Scheme, `MySecurity`. The same Security Scheme exists in the original entry document. As outlined in [Resolving Implicit Connections](#resolving-implicit-connections), `MySecurity` is resolved with an [implementation-defined behavior](#undefined-and-implementation-defined-behavior). However, documented in that section, it is RECOMMENDED that tools resolve component names from the [entry document](#openapi-description-structure). As with all implementation-defined behavior, it is important to check tool documentation to determine which behavior is supported. - ### Specification Extensions While the OpenAPI Specification tries to accommodate most use cases, additional data can be added to extend the specification at certain points. @@ -4347,3 +4253,99 @@ Code that relies on leaving these delimiters unencoded, while using regular perc For maximum interoperability, it is RECOMMENDED to either define and document an additional escape convention while percent-encoding the delimiters for these styles, or to avoid these styles entirely. The exact method of additional encoding/escaping is left to the API designer, and is expected to be performed before serialization and encoding described in this specification, and reversed after this specification's encoding and serialization steps are reversed. This keeps it outside of the processes governed by this specification. + +## Appendix F: Resolving Security Requirements in a Referenced Document + +This appendix shows how to retrieve an HTTP-accessible multi-document OpenAPI Description (OAD) and resolve a [Security Requirement Object](#security-requirement-object) in the referenced (non-entry) document. See [Resolving Implicit Connections](#resolving-implicit-connections) for more information. + +First, the [entry document](#openapi-description-structure) is where parsing begins. It defines the `MySecurity` security scheme to be JWT-based, and it defines a Path Item as a reference to a component in another document: + +```HTTP +GET /api/description/openapi HTTP/1.1 +Host: www.example.com +Accept: application/openapi+json +``` + +```json +"components": { + "securitySchemes": { + "MySecurity": { + "type": "http", + "scheme": "bearer", + "bearerFormat": "JWT" + } + } +}, +"paths": { + "/foo": { + "$ref": "other#/components/pathItems/Foo" + } +} +``` + +```HTTP +GET /api/description/openapi HTTP/1.1 +Host: www.example.com +Accept: application/openapi+yaml +``` + +```yaml +components: + securitySchemes: + MySecurity: + type: http + scheme: bearer + bearerFormat: JWT +paths: + /foo: + $ref: 'other#/components/pathItems/Foo' +``` + +This entry document references another document, `other`, without using a file extension. This gives the client the flexibility to choose an acceptable format on a resource-by-resource basis, assuming both representations are available: + +```HTTP +GET /api/description/other HTTP/1.1 +Host: www.example.com +Accept: application/openapi+json +``` + +```json +"components": { + "securitySchemes": { + "MySecurity": { + "type": "http", + "scheme": "basic" + } + }, + "pathItems": { + "Foo": { + "get": { + "security": [ + "MySecurity": [] + ] + } + } + } +} +``` + +```HTTP +GET /api/description/other HTTP/1.1 +Host: www.example.com +Accept: application/openapi+yaml +``` + +```yaml +components: + securitySchemes: + MySecurity: + type: http + scheme: basic + pathItems: + Foo: + get: + security: + - MySecurity: [] +``` + +In the `other` document, the referenced path item has a Security Requirement for a Security Scheme, `MySecurity`. The same Security Scheme exists in the original entry document. As outlined in [Resolving Implicit Connections](#resolving-implicit-connections), `MySecurity` is resolved with an [implementation-defined behavior](#undefined-and-implementation-defined-behavior). However, documented in that section, it is RECOMMENDED that tools resolve component names from the [entry document](#openapi-description-structure). As with all implementation-defined behavior, it is important to check tool documentation to determine which behavior is supported. From e46084e8c3c729762f5cb0e6799c78f4fad06556 Mon Sep 17 00:00:00 2001 From: Mike Kistler Date: Tue, 17 Sep 2024 06:33:47 -0500 Subject: [PATCH 234/251] Fix description vs document terminology --- versions/3.0.4.md | 57 ++++++++++++++++++++++++----------------------- 1 file changed, 29 insertions(+), 28 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index f4f3f8c379..f3aba62a1e 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -10,7 +10,7 @@ This document is licensed under [The Apache License, Version 2.0](https://www.ap The OpenAPI Specification (OAS) defines a standard, language-agnostic interface to HTTP APIs which allows both humans and computers to discover and understand the capabilities of the service without access to source code, documentation, or through network traffic inspection. When properly defined, a consumer can understand and interact with the remote service with a minimal amount of implementation logic. -An OpenAPI description can then be used by documentation generation tools to display the API, code generation tools to generate servers and clients in various programming languages, testing tools, and many other use cases. +An OpenAPI Description can then be used by documentation generation tools to display the API, code generation tools to generate servers and clients in various programming languages, testing tools, and many other use cases. For examples of OpenAPI usage and additional documentation, please visit [[?OpenAPI-Learn]]. @@ -89,11 +89,11 @@ The OpenAPI Specification is versioned using a `major`.`minor`.`patch` versionin Occasionally, non-backwards compatible changes may be made in `minor` versions of the OAS where impact is believed to be low relative to the benefit provided. -An OpenAPI description document compatible with OAS 3.\*.\* contains a required [`openapi`](#oas-version) field which designates the version of the OAS that it uses. +An OpenAPI Description compatible with OAS 3.\*.\* contains a required [`openapi`](#oas-version) field which designates the version of the OAS that it uses. ### Format -An OpenAPI description document that conforms to the OpenAPI Specification is itself a JSON object, which may be represented either in JSON or YAML format. +An OpenAPI Description that conforms to the OpenAPI Specification is itself a JSON object, which may be represented either in JSON or YAML format. For example, if a field has an array value, the JSON array representation will be used: @@ -115,25 +115,22 @@ In order to preserve the ability to round-trip between YAML and JSON formats, YA * Tags MUST be limited to those allowed by [YAML's JSON schema ruleset](https://yaml.org/spec/1.2/spec.html#id2803231), which defines a subset of the YAML syntax and is unrelated to [[JSON-Schema-05|JSON Schema]]. * Keys used in YAML maps MUST be limited to a scalar string, as defined by the [YAML Failsafe schema ruleset](https://yaml.org/spec/1.2/spec.html#id2802346). -**Note:** While APIs may be described by OpenAPI documents in either YAML or JSON format, the API request and response bodies and other content are not required to be JSON or YAML. +**Note:** While APIs may be described by OpenAPI Description in either YAML or JSON format, the API request and response bodies and other content are not required to be JSON or YAML. ### OpenAPI Description Structure -An OpenAPI Description (OAD) MAY be made up of a single document or be divided into multiple, connected parts at the discretion of the author. In the latter case, [Reference Object](#reference-object) and [Path Item Object](#path-item-object) `$ref` keywords, as well as the [Link Object](#link-object) `operationRef` keyword, are used. +An OpenAPI Description (OAD) MAY be structured as a single JSON or YAML document or composed from elements distributed across multiple documents at the discretion of the author. In the latter case, [Reference Object](#reference-object) and [Path Item Object](#path-item-object) `$ref` keywords, as well as the [Link Object](#link-object) `operationRef` keyword, are used to identify the documents containing the referenced elements. -Any document consisting entirely of an [OpenAPI Object](#openapi-object) is known as a **syntactically complete OpenAPI document**. -An OpenAPI document that does _not_ reference any other documents is known as a **self-contained OpenAPI document**. -A single-document description is therefore _both_ syntactically complete _and_ self-contained. -In a multi-document description, the document containing the OpenAPI Object where parsing begins for a specific API's description is known as that API's **entry OpenAPI document**, or simply **entry document**. +In a multi-document OAD, the document containing the OpenAPI Object where parsing begins is known as that OAD's **entry document**. -It is RECOMMENDED that the entry OpenAPI document be named: `openapi.json` or `openapi.yaml`. +It is RECOMMENDED that the entry document of an OAD be named: `openapi.json` or `openapi.yaml`. #### Structural Interoperability -When parsing an OAD, JSON or YAML objects are parsed into specific Objects (such as [Operation Objects](#operation-object), [Response Objects](#response-object), [Reference Objects](#reference-object), etc.) based on the parsing context. Depending on how references are arranged, a given JSON or YAML object can be parsed in multiple different contexts: +JSON or YAML objects within an OAD are interpreted as specific Objects (such as [Operation Objects](#operation-object), [Response Objects](#response-object), [Reference Objects](#reference-object), etc.) based on their context. Depending on how references are arranged, a given JSON or YAML object can be interpreted in multiple different contexts: -* As a syntactically complete OpenAPI Description document -* As the Object type implied by its parent Object within the document +* The root object of the entry document is interpreted as an OpenAPI Object +* As the Object type implied by its parent Object within the description * As a reference target, with the Object type matching the reference source's context If the same JSON/YAML object is parsed multiple times and the respective contexts require it to be parsed as _different_ Object types, the resulting behavior is _implementation defined_, and MAY be treated as an error if detected. An example would be referencing an empty Schema Object under `#/components/schemas` where a Path Item Object is expected, as an empty object is valid for both types. For maximum interoperability, it is RECOMMENDED that OpenAPI Description authors avoid such scenarios. @@ -249,13 +246,13 @@ In the following description, if a field is not explicitly **REQUIRED** or descr #### OpenAPI Object -This is the root object of the [OpenAPI document](#openapi-description). +This is the root object of the [OpenAPI Description](#openapi-description). ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | -| openapi | `string` | **REQUIRED**. This string MUST be the [version number](#versions) of the OpenAPI Specification that the OpenAPI document uses. The `openapi` field SHOULD be used by tooling to interpret the OpenAPI document. This is _not_ related to the API [`info.version`](#info-version) string. | +| openapi | `string` | **REQUIRED**. This string MUST be the [version number](#versions) of the OpenAPI Specification that the OpenAPI Description uses. The `openapi` field SHOULD be used by tooling to interpret the OpenAPI Description. This is _not_ related to the API [`info.version`](#info-version) string. | | info | [Info Object](#info-object) | **REQUIRED**. Provides metadata about the API. The metadata MAY be used by tooling as required. | | servers | [[Server Object](#server-object)] | An array of Server Objects, which provide connectivity information to a target server. If the `servers` field is not provided, or is an empty array, the default value would be a [Server Object](#server-object) with a [url](#server-url) value of `/`. | | paths | [Paths Object](#paths-object) | **REQUIRED**. The available paths and operations for the API. | @@ -280,7 +277,7 @@ The metadata MAY be used by the clients if needed, and MAY be presented in editi | termsOfService | `string` | A URL for the Terms of Service for the API. This MUST be in the form of a URL. | | contact | [Contact Object](#contact-object) | The contact information for the exposed API. | | license | [License Object](#license-object) | The license information for the exposed API. | -| version | `string` | **REQUIRED**. The version of the OpenAPI document (which is distinct from the [OpenAPI Specification version](#oas-version) or the version of the API being described). | +| version | `string` | **REQUIRED**. The version of the OpenAPI Description (which is distinct from the [OpenAPI Specification version](#oas-version) or the version of the API being described). | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -383,7 +380,7 @@ An object representing a Server. | Field Name | Type | Description | | ---- | :----: | ---- | -| url | `string` | **REQUIRED**. A URL to the target host. This URL supports Server Variables and MAY be relative, to indicate that the host location is relative to the location where the OpenAPI document is being served. Variable substitutions will be made when a variable is named in `{`braces`}`. | +| url | `string` | **REQUIRED**. A URL to the target host. This URL supports Server Variables and MAY be relative, to indicate that the host location is relative to the location where the entry document of the OpenAPI Description is being served. Variable substitutions will be made when a variable is named in `{`braces`}`. | | description | `string` | An optional string describing the host designated by the URL. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | variables | Map[`string`, [Server Variable Object](#server-variable-object)] | A map between a variable name and its value. The value is used for substitution in the server's URL template. | @@ -2152,7 +2149,7 @@ Because examples using these fields represent the final serialized form of the d The singular `example` field in the Parameter or Media Type Object is concise and convenient for simple examples, but does not offer any other advantages over using Example Objects under `examples`. Some examples cannot be represented directly in JSON or YAML. -For all three ways of providing examples, these can be shown as string values with any escaping necessary to make the string valid in the JSON or YAML format of the OpenAPI Description document. +For all three ways of providing examples, these can be shown as string values with any escaping necessary to make the string valid in the JSON or YAML format of the OpenAPI Description. With the Example Object, such values can alternatively be handled through the `externalValue` field. ##### Example Object Examples @@ -2302,7 +2299,7 @@ For computing links and providing instructions to execute them, a [runtime expre | Field Name | Type | Description | | ---- | :----: | ---- | -| operationRef | `string` | A relative or absolute URI reference to an OAS operation. This field is mutually exclusive of the `operationId` field, and MUST point to an [Operation Object](#operation-object). Relative `operationRef` values MAY be used to locate an existing [Operation Object](#operation-object) in the OpenAPI description. | +| operationRef | `string` | A relative or absolute URI reference to an OAS operation. This field is mutually exclusive of the `operationId` field, and MUST point to an [Operation Object](#operation-object). Relative `operationRef` values MAY be used to locate an existing [Operation Object](#operation-object) in the OpenAPI Description. | | operationId | `string` | The name of an _existing_, resolvable OAS operation, as defined with a unique `operationId`. This field is mutually exclusive of the `operationRef` field. | | parameters | Map[`string`, Any \| [{expression}](#runtime-expressions)] | A map representing parameters to pass to an operation as specified with `operationId` or identified via `operationRef`. The key is the parameter name to be used (optionally qualified with the parameter location, e.g. `path.id` for an `id` parameter in the path), whereas the value can be a constant or an expression to be evaluated and passed to the linked operation. | | requestBody | Any \| [{expression}](#runtime-expressions) | A literal value or [{expression}](#runtime-expressions) to use as a request body when calling the target operation. | @@ -2592,7 +2589,7 @@ description: Pets operations #### Reference Object -A simple object to allow referencing other components in the OpenAPI document, internally and externally. +A simple object to allow referencing other components in the OpenAPI Description, internally and externally. The Reference Object is defined by [JSON Reference](https://tools.ietf.org/html/draft-pbryan-zyp-json-ref-03) and follows the same structure, behavior and rules. @@ -3076,7 +3073,7 @@ However, the exact nature of such conversions are implementation-defined. ##### Examples -For these examples, assume all schemas are in the entry OpenAPI document; for handling of `discriminator` in referenced documents see [Resolving Implicit Connections](#resolving-implicit-connections). +For these examples, assume all schemas are in a single-document OpenAPI Description; for handling of `discriminator` in referenced documents see [Resolving Implicit Connections](#resolving-implicit-connections). In OAS 3.0, a response payload MAY be described to be exactly one of any number of types: @@ -3100,7 +3097,7 @@ MyResponseType: propertyName: petType ``` -The expectation now is that a property with name `petType` _MUST_ be present in the response payload, and the value will correspond to the name of a schema defined in the OpenAPI description. Thus the response payload: +The expectation now is that a property with name `petType` _MUST_ be present in the response payload, and the value will correspond to the name of a schema defined in the OpenAPI Description. Thus the response payload: ```json { @@ -3802,7 +3799,7 @@ The extensions properties are implemented as patterned fields that are always pr The OpenAPI Initiative maintains several [[OpenAPI-Registry|extension registries]], including registries for [individual extension keywords](https://spec.openapis.org/registry/extension/) and [extension keyword namespaces](https://spec.openapis.org/registry/namespace/). -Extensions are one of the best ways to prove the viability of proposed additions to the specification. +Extensions are one of the best ways to prove the viability of proposed additions to the specification. It is therefore RECOMMENDED that implementations be designed for extensibility to support community experimentation. Support for any one extension is OPTIONAL, and support for one extension does not imply support for others. @@ -3821,9 +3818,9 @@ Two examples of this: ## Security Considerations -### OpenAPI Document Formats +### OpenAPI Description Formats -OpenAPI description documents use JSON, YAML, and JSON Schema, and therefore share their security considerations: +OpenAPI Descriptions use JSON, YAML, and JSON Schema, and therefore share their security considerations: * [JSON](https://www.iana.org/assignments/media-types/application/json) * [YAML](https://www.iana.org/assignments/media-types/application/yaml) @@ -3832,15 +3829,19 @@ OpenAPI description documents use JSON, YAML, and JSON Schema, and therefore sha ### Tooling and Usage Scenarios -In addition, OpenAPI description documents are processed by a wide variety of tooling for numerous different purposes, such as client code generation, documentation generation, server side routing, and API testing. OpenAPI description authors must consider the risks of the scenarios where the OpenAPI description may be used. +In addition, OpenAPI Descriptions are processed by a wide variety of tooling for numerous different purposes, such as client code generation, documentation generation, server side routing, and API testing. OpenAPI Description authors must consider the risks of the scenarios where the OpenAPI Description may be used. ### Security Schemes -An OpenAPI description describes the security schemes used to protect the resources it defines. The security schemes available offer varying degrees of protection. Factors such as the sensitivity of the data and the potential impact of a security breach should guide the selection of security schemes for the API resources. Some security schemes, such as basic auth and OAuth Implicit flow, are supported for compatibility with existing APIs. However, their inclusion in OpenAPI does not constitute an endorsement of their use, particularly for highly sensitive data or operations. +An OpenAPI Description describes the security schemes used to protect the resources it defines. The security schemes available offer varying degrees of protection. Factors such as the sensitivity of the data and the potential impact of a security breach should guide the selection of security schemes for the API resources. Some security schemes, such as basic auth and OAuth Implicit flow, are supported for compatibility with existing APIs. However, their inclusion in OpenAPI does not constitute an endorsement of their use, particularly for highly sensitive data or operations. ### Handling External Resources -OpenAPI description documents may contain references to external resources that may be dereferenced automatically by consuming tools. External resources may be hosted on different domains that may be untrusted. References in an OpenAPI document, or across OpenAPI documents within a multi-document OpenAPI description, may cause a cycle. Tooling must detect and handle cycles to prevent resource exhaustion. +OpenAPI Descriptions may contain references to external resources that may be dereferenced automatically by consuming tools. External resources may be hosted on different domains that may be untrusted. + +### Handling Reference Cycles + +References in an OpenAPI Description may cause a cycle. Tooling must detect and handle cycles to prevent resource exhaustion. ### Markdown and HTML Sanitization From ce21969f83b008df9f2eeeaf43a1ba37db38e403 Mon Sep 17 00:00:00 2001 From: Mike Kistler Date: Tue, 17 Sep 2024 07:48:14 -0500 Subject: [PATCH 235/251] Apply suggestions from PR review Co-authored-by: Ralf Handl --- versions/3.0.4.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index f3aba62a1e..aba07e2644 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -115,7 +115,7 @@ In order to preserve the ability to round-trip between YAML and JSON formats, YA * Tags MUST be limited to those allowed by [YAML's JSON schema ruleset](https://yaml.org/spec/1.2/spec.html#id2803231), which defines a subset of the YAML syntax and is unrelated to [[JSON-Schema-05|JSON Schema]]. * Keys used in YAML maps MUST be limited to a scalar string, as defined by the [YAML Failsafe schema ruleset](https://yaml.org/spec/1.2/spec.html#id2802346). -**Note:** While APIs may be described by OpenAPI Description in either YAML or JSON format, the API request and response bodies and other content are not required to be JSON or YAML. +**Note:** While APIs may be described by OpenAPI Descriptions in either YAML or JSON format, the API request and response bodies and other content are not required to be JSON or YAML. ### OpenAPI Description Structure @@ -130,7 +130,7 @@ It is RECOMMENDED that the entry document of an OAD be named: `openapi.json` or JSON or YAML objects within an OAD are interpreted as specific Objects (such as [Operation Objects](#operation-object), [Response Objects](#response-object), [Reference Objects](#reference-object), etc.) based on their context. Depending on how references are arranged, a given JSON or YAML object can be interpreted in multiple different contexts: * The root object of the entry document is interpreted as an OpenAPI Object -* As the Object type implied by its parent Object within the description +* As the Object type implied by its parent Object within the OpenAPI Description * As a reference target, with the Object type matching the reference source's context If the same JSON/YAML object is parsed multiple times and the respective contexts require it to be parsed as _different_ Object types, the resulting behavior is _implementation defined_, and MAY be treated as an error if detected. An example would be referencing an empty Schema Object under `#/components/schemas` where a Path Item Object is expected, as an empty object is valid for both types. For maximum interoperability, it is RECOMMENDED that OpenAPI Description authors avoid such scenarios. From dfacec5c4d6e58480cea28d645e09a34df2031dd Mon Sep 17 00:00:00 2001 From: Mike Kistler Date: Tue, 17 Sep 2024 08:06:20 -0500 Subject: [PATCH 236/251] Commit suggestions from PR review. Co-authored-by: Ralf Handl --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index aba07e2644..78c90808a8 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -3820,7 +3820,7 @@ Two examples of this: ### OpenAPI Description Formats -OpenAPI Descriptions use JSON, YAML, and JSON Schema, and therefore share their security considerations: +OpenAPI Descriptions use a combination of JSON, YAML, and JSON Schema, and therefore share their security considerations: * [JSON](https://www.iana.org/assignments/media-types/application/json) * [YAML](https://www.iana.org/assignments/media-types/application/yaml) From 4711a423ba4f3947cc5b8307bc4746c138fd5c55 Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Tue, 24 Sep 2024 12:43:50 +0200 Subject: [PATCH 237/251] Use specific custom languages uri and uritemplate --- versions/3.0.4.md | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index f4f3f8c379..82a7963e0f 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -1649,7 +1649,7 @@ With this example, consider an `id` of `f81d4fae-7dec-11d0-a765-00a0c91e6bf6` an Assuming the most compact representation of the JSON value (with unnecessary whitespace removed), we would expect to see the following request body, where space characters have been replaced with `+` and `+`, `"`, `{`, and `}` have been percent-encoded to `%2B`, `%22`, `%7B`, and `%7D`, respectively: -```urlencoded +```uri id=f81d4fae-7dec-11d0-a765-00a0c91e6bf6&address=%7B%22streetAddress%22:%22123+Example+Dr.%22,%22city%22:%22Somewhere%22,%22state%22:%22CA%22,%22zip%22:%2299999%2B1234%22%7D ``` @@ -1658,7 +1658,7 @@ If it were treated as `application/json`, then the serialized value would be a J Here is the `id` parameter (without `address`) serialized as `application/json` instead of `text/plain`, and then encoded per RFC1866: -```urlencoded +```uri id=%22f81d4fae-7dec-11d0-a765-00a0c91e6bf6%22 ``` @@ -1688,7 +1688,7 @@ requestBody: Given a name of `example` and a solid red 2x2-pixel PNG for `icon`, this would produce a request body of: -```urlencoded +```uri name=example&icon=iVBORw0KGgoAAAANSUhEUgAAAAIAAAACCAIAAAD91JpzAAAABGdBTUEAALGPC%2FxhBQAAADhlWElmTU0AKgAAAAgAAYdpAAQAAAABAAAAGgAAAAAAAqACAAQAAAABAAAAAqADAAQAAAABAAAAAgAAAADO0J6QAAAAEElEQVQIHWP8zwACTGCSAQANHQEDqtPptQAAAABJRU5ErkJggg%3D%3D ``` @@ -4005,13 +4005,13 @@ parameters: This translates to the following URI Template: -```urlencoded +```uritemplate {?formulas*,words} ``` when expanded with the data given earlier, we get: -```urlencoded +```uri ?a=x%2By&b=x%2Fy&c=x%5Ey&words=math,is,fun ``` @@ -4045,7 +4045,7 @@ So we need to restructure the data to fit a manually constructed URI Template th Here is one such template, using a made-up convention of `words.0` for the first entry in the words value, `words.1` for the second, and `words.2` for the third: -```urlencoded +```uritemplate ?a={+a}&b={+b}&c={+c}&words={words.0} {words.1} {words.2} ``` @@ -4071,7 +4071,7 @@ words.2: fun Expanding our manually assembled template with our restructured data yields the following query string: -```urlencoded +```uri ?a=x%2By&b=x/y&c=x%5Ey&words=math%20is%20fun ``` @@ -4090,7 +4090,7 @@ words: Using this data with our original RFC6570-friendly URI Template, `{?formulas*,words}`, produces the following: -```urlencoded +```uri ?words=hello,world ``` @@ -4105,13 +4105,13 @@ words.1: world Manually constructed URI Template: -```urlencoded +```uritemplate ?words={words.0} {words.1} ``` Result: -```urlencoded +```uri ?words=hello%20world ``` @@ -4134,13 +4134,13 @@ Instead, we have to pre-percent-encode the name (which is a six-octet UTF-8 sequ "%E2%9D%A4%EF%B8%8F": love! ``` -```urlencoded +```uritemplate {?%E2%9D%A4%EF%B8%8F} ``` This will expand to the result: -```urlencoded +```uri ?%E2%9D%A4%EF%B8%8F=love%21 ``` From abddcf0107bea9fe5cbdf5cf05770bd1ab6142ee Mon Sep 17 00:00:00 2001 From: Mike Kistler Date: Thu, 3 Oct 2024 14:27:43 -0500 Subject: [PATCH 238/251] Updates based on TDC Meeting --- versions/3.0.4.md | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 78c90808a8..971a06d85f 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -22,6 +22,10 @@ For extension registries and other specifications published by the OpenAPI Initi An OpenAPI Description (OAD) formally describes the surface of an API and its semantics. It is composed of an [entry document](#openapi-description-structure) and any/all of its referenced documents. An OAD uses and conforms to the OpenAPI Specification. +### OpenAPI Document + +An OpenAPI Document is a single JSON or YAML document that conforms to the OpenAPI Specification. + ### Schema A "schema" is a formal description of syntax and structure. @@ -89,11 +93,11 @@ The OpenAPI Specification is versioned using a `major`.`minor`.`patch` versionin Occasionally, non-backwards compatible changes may be made in `minor` versions of the OAS where impact is believed to be low relative to the benefit provided. -An OpenAPI Description compatible with OAS 3.\*.\* contains a required [`openapi`](#oas-version) field which designates the version of the OAS that it uses. +An OpenAPI Document compatible with OAS 3.\*.\* contains a required [`openapi`](#oas-version) field which designates the version of the OAS that it uses. ### Format -An OpenAPI Description that conforms to the OpenAPI Specification is itself a JSON object, which may be represented either in JSON or YAML format. +An OpenAPI Document that conforms to the OpenAPI Specification is itself a JSON object, which may be represented either in JSON or YAML format. For example, if a field has an array value, the JSON array representation will be used: @@ -119,7 +123,7 @@ In order to preserve the ability to round-trip between YAML and JSON formats, YA ### OpenAPI Description Structure -An OpenAPI Description (OAD) MAY be structured as a single JSON or YAML document or composed from elements distributed across multiple documents at the discretion of the author. In the latter case, [Reference Object](#reference-object) and [Path Item Object](#path-item-object) `$ref` keywords, as well as the [Link Object](#link-object) `operationRef` keyword, are used to identify the documents containing the referenced elements. +An OpenAPI Description (OAD) MAY be made up of a single JSON or YAML document or be divided into multiple, connected parts at the discretion of the author. In the latter case, [Reference Object](#reference-object) and [Path Item Object](#path-item-object) `$ref` keywords, as well as the [Link Object](#link-object) `operationRef` keyword, are used to identify the referenced elements. In a multi-document OAD, the document containing the OpenAPI Object where parsing begins is known as that OAD's **entry document**. @@ -129,7 +133,7 @@ It is RECOMMENDED that the entry document of an OAD be named: `openapi.json` or JSON or YAML objects within an OAD are interpreted as specific Objects (such as [Operation Objects](#operation-object), [Response Objects](#response-object), [Reference Objects](#reference-object), etc.) based on their context. Depending on how references are arranged, a given JSON or YAML object can be interpreted in multiple different contexts: -* The root object of the entry document is interpreted as an OpenAPI Object +* As the root object of the [entry document](#openapi-description-structure), which is always interpreted as an OpenAPI Object * As the Object type implied by its parent Object within the OpenAPI Description * As a reference target, with the Object type matching the reference source's context @@ -252,7 +256,7 @@ This is the root object of the [OpenAPI Description](#openapi-description). | Field Name | Type | Description | | ---- | :----: | ---- | -| openapi | `string` | **REQUIRED**. This string MUST be the [version number](#versions) of the OpenAPI Specification that the OpenAPI Description uses. The `openapi` field SHOULD be used by tooling to interpret the OpenAPI Description. This is _not_ related to the API [`info.version`](#info-version) string. | +| openapi | `string` | **REQUIRED**. This string MUST be the [version number](#versions) of the OpenAPI Specification that the OpenAPI Document uses. The `openapi` field SHOULD be used by tooling to interpret the OpenAPI Document. This is _not_ related to the API [`info.version`](#info-version) string. | | info | [Info Object](#info-object) | **REQUIRED**. Provides metadata about the API. The metadata MAY be used by tooling as required. | | servers | [[Server Object](#server-object)] | An array of Server Objects, which provide connectivity information to a target server. If the `servers` field is not provided, or is an empty array, the default value would be a [Server Object](#server-object) with a [url](#server-url) value of `/`. | | paths | [Paths Object](#paths-object) | **REQUIRED**. The available paths and operations for the API. | @@ -277,7 +281,7 @@ The metadata MAY be used by the clients if needed, and MAY be presented in editi | termsOfService | `string` | A URL for the Terms of Service for the API. This MUST be in the form of a URL. | | contact | [Contact Object](#contact-object) | The contact information for the exposed API. | | license | [License Object](#license-object) | The license information for the exposed API. | -| version | `string` | **REQUIRED**. The version of the OpenAPI Description (which is distinct from the [OpenAPI Specification version](#oas-version) or the version of the API being described). | +| version | `string` | **REQUIRED**. The version of the OpenAPI Document (which is distinct from the [OpenAPI Specification version](#oas-version) or the version of the API being described or the version of the OpenAPI Description). | This object MAY be extended with [Specification Extensions](#specification-extensions). @@ -3073,7 +3077,7 @@ However, the exact nature of such conversions are implementation-defined. ##### Examples -For these examples, assume all schemas are in a single-document OpenAPI Description; for handling of `discriminator` in referenced documents see [Resolving Implicit Connections](#resolving-implicit-connections). +For these examples, assume all schemas are in the [entry document](#openapi-description-structure) of the OAD; for handling of `discriminator` in referenced documents see [Resolving Implicit Connections](#resolving-implicit-connections). In OAS 3.0, a response payload MAY be described to be exactly one of any number of types: From d44709663495e779c40fae40bb71f6a86bf0c102 Mon Sep 17 00:00:00 2001 From: Mike Kistler Date: Wed, 2 Oct 2024 07:10:23 -0500 Subject: [PATCH 239/251] A few more document -> description changes --- versions/3.0.4.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 971a06d85f..4703f861d9 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -260,9 +260,9 @@ This is the root object of the [OpenAPI Description](#openapi-description). | info | [Info Object](#info-object) | **REQUIRED**. Provides metadata about the API. The metadata MAY be used by tooling as required. | | servers | [[Server Object](#server-object)] | An array of Server Objects, which provide connectivity information to a target server. If the `servers` field is not provided, or is an empty array, the default value would be a [Server Object](#server-object) with a [url](#server-url) value of `/`. | | paths | [Paths Object](#paths-object) | **REQUIRED**. The available paths and operations for the API. | -| components | [Components Object](#components-object) | An element to hold various schemas for the document. | +| components | [Components Object](#components-object) | An element to hold various schemas for the description. | | security | [[Security Requirement Object](#security-requirement-object)] | A declaration of which security mechanisms can be used across the API. The list of values includes alternative Security Requirement Objects that can be used. Only one of the Security Requirement Objects need to be satisfied to authorize a request. Individual operations can override this definition. The list can be incomplete, up to being empty or absent. To make security explicitly optional, an empty security requirement (`{}`) can be included in the array. | -| tags | [[Tag Object](#tag-object)] | A list of tags used by the document with additional metadata. The order of the tags can be used to reflect on their order by the parsing tools. Not all tags that are used by the [Operation Object](#operation-object) must be declared. The tags that are not declared MAY be organized randomly or based on the tools' logic. Each tag name in the list MUST be unique. | +| tags | [[Tag Object](#tag-object)] | A list of tags used by the description with additional metadata. The order of the tags can be used to reflect on their order by the parsing tools. Not all tags that are used by the [Operation Object](#operation-object) must be declared. The tags that are not declared MAY be organized randomly or based on the tools' logic. Each tag name in the list MUST be unique. | | externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation. | This object MAY be extended with [Specification Extensions](#specification-extensions). From c06c4fa5a24b715ecdccb7b95120a00c6b4eda55 Mon Sep 17 00:00:00 2001 From: Mike Kistler Date: Fri, 4 Oct 2024 06:53:26 -0500 Subject: [PATCH 240/251] Address more PR review comments --- versions/3.0.4.md | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 4703f861d9..a89ef9e3d7 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -20,11 +20,11 @@ For extension registries and other specifications published by the OpenAPI Initi ### OpenAPI Description -An OpenAPI Description (OAD) formally describes the surface of an API and its semantics. It is composed of an [entry document](#openapi-description-structure) and any/all of its referenced documents. An OAD uses and conforms to the OpenAPI Specification. +An OpenAPI Description (OAD) formally describes the surface of an API and its semantics. It is composed of an [entry document](#openapi-description-structure), which must be an OpenAPI Document, and any/all of its referenced documents. An OAD uses and conforms to the OpenAPI Specification. ### OpenAPI Document -An OpenAPI Document is a single JSON or YAML document that conforms to the OpenAPI Specification. +An OpenAPI Document is a single JSON or YAML document that conforms to the OpenAPI Specification. An OpenAPI Document compatible with OAS 3.\*.\* contains a required [`openapi`](#oas-version) field which designates the version of the OAS that it uses. ### Schema @@ -93,8 +93,6 @@ The OpenAPI Specification is versioned using a `major`.`minor`.`patch` versionin Occasionally, non-backwards compatible changes may be made in `minor` versions of the OAS where impact is believed to be low relative to the benefit provided. -An OpenAPI Document compatible with OAS 3.\*.\* contains a required [`openapi`](#oas-version) field which designates the version of the OAS that it uses. - ### Format An OpenAPI Document that conforms to the OpenAPI Specification is itself a JSON object, which may be represented either in JSON or YAML format. @@ -123,7 +121,7 @@ In order to preserve the ability to round-trip between YAML and JSON formats, YA ### OpenAPI Description Structure -An OpenAPI Description (OAD) MAY be made up of a single JSON or YAML document or be divided into multiple, connected parts at the discretion of the author. In the latter case, [Reference Object](#reference-object) and [Path Item Object](#path-item-object) `$ref` keywords, as well as the [Link Object](#link-object) `operationRef` keyword, are used to identify the referenced elements. +An OpenAPI Description (OAD) MAY be made up of a single JSON or YAML document or be divided into multiple, connected parts at the discretion of the author. In the latter case, [Reference Object](#reference-object) and [Path Item Object](#path-item-object) `$ref` keywords, as well as the [Link Object](#link-object) `operationRef` keyword, and the URI form of the [Discriminator Object](#discriminator-object) mapping keyword, are used to identify the referenced elements. In a multi-document OAD, the document containing the OpenAPI Object where parsing begins is known as that OAD's **entry document**. @@ -260,7 +258,7 @@ This is the root object of the [OpenAPI Description](#openapi-description). | info | [Info Object](#info-object) | **REQUIRED**. Provides metadata about the API. The metadata MAY be used by tooling as required. | | servers | [[Server Object](#server-object)] | An array of Server Objects, which provide connectivity information to a target server. If the `servers` field is not provided, or is an empty array, the default value would be a [Server Object](#server-object) with a [url](#server-url) value of `/`. | | paths | [Paths Object](#paths-object) | **REQUIRED**. The available paths and operations for the API. | -| components | [Components Object](#components-object) | An element to hold various schemas for the description. | +| components | [Components Object](#components-object) | An element to hold various Objects for the description. | | security | [[Security Requirement Object](#security-requirement-object)] | A declaration of which security mechanisms can be used across the API. The list of values includes alternative Security Requirement Objects that can be used. Only one of the Security Requirement Objects need to be satisfied to authorize a request. Individual operations can override this definition. The list can be incomplete, up to being empty or absent. To make security explicitly optional, an empty security requirement (`{}`) can be included in the array. | | tags | [[Tag Object](#tag-object)] | A list of tags used by the description with additional metadata. The order of the tags can be used to reflect on their order by the parsing tools. Not all tags that are used by the [Operation Object](#operation-object) must be declared. The tags that are not declared MAY be organized randomly or based on the tools' logic. Each tag name in the list MUST be unique. | | externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation. | @@ -2153,7 +2151,7 @@ Because examples using these fields represent the final serialized form of the d The singular `example` field in the Parameter or Media Type Object is concise and convenient for simple examples, but does not offer any other advantages over using Example Objects under `examples`. Some examples cannot be represented directly in JSON or YAML. -For all three ways of providing examples, these can be shown as string values with any escaping necessary to make the string valid in the JSON or YAML format of the OpenAPI Description. +For all three ways of providing examples, these can be shown as string values with any escaping necessary to make the string valid in the JSON or YAML format of documents that comprise the OpenAPI Description. With the Example Object, such values can alternatively be handled through the `externalValue` field. ##### Example Object Examples @@ -2303,7 +2301,7 @@ For computing links and providing instructions to execute them, a [runtime expre | Field Name | Type | Description | | ---- | :----: | ---- | -| operationRef | `string` | A relative or absolute URI reference to an OAS operation. This field is mutually exclusive of the `operationId` field, and MUST point to an [Operation Object](#operation-object). Relative `operationRef` values MAY be used to locate an existing [Operation Object](#operation-object) in the OpenAPI Description. | +| operationRef | `string` | A URI reference to an OAS operation. This field is mutually exclusive of the `operationId` field, and MUST point to an [Operation Object](#operation-object). Relative `operationRef` values MAY be used to locate an existing [Operation Object](#operation-object) in the OpenAPI Description. | | operationId | `string` | The name of an _existing_, resolvable OAS operation, as defined with a unique `operationId`. This field is mutually exclusive of the `operationRef` field. | | parameters | Map[`string`, Any \| [{expression}](#runtime-expressions)] | A map representing parameters to pass to an operation as specified with `operationId` or identified via `operationRef`. The key is the parameter name to be used (optionally qualified with the parameter location, e.g. `path.id` for an `id` parameter in the path), whereas the value can be a constant or an expression to be evaluated and passed to the linked operation. | | requestBody | Any \| [{expression}](#runtime-expressions) | A literal value or [{expression}](#runtime-expressions) to use as a request body when calling the target operation. | @@ -2402,7 +2400,7 @@ links: username: $response.body#/username ``` -or an absolute `operationRef`: +or a URI `operationRef`: ```yaml links: From da96b2a2600cbb3a6f195b3267dfbe5968ac76e8 Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Mon, 7 Oct 2024 14:02:03 +0200 Subject: [PATCH 241/251] Update versions/3.0.4.md --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index a89ef9e3d7..ca341e9bc4 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -121,7 +121,7 @@ In order to preserve the ability to round-trip between YAML and JSON formats, YA ### OpenAPI Description Structure -An OpenAPI Description (OAD) MAY be made up of a single JSON or YAML document or be divided into multiple, connected parts at the discretion of the author. In the latter case, [Reference Object](#reference-object) and [Path Item Object](#path-item-object) `$ref` keywords, as well as the [Link Object](#link-object) `operationRef` keyword, and the URI form of the [Discriminator Object](#discriminator-object) mapping keyword, are used to identify the referenced elements. +An OpenAPI Description (OAD) MAY be made up of a single JSON or YAML document or be divided into multiple, connected parts at the discretion of the author. In the latter case, [Reference Object](#reference-object) and [Path Item Object](#path-item-object) `$ref` fields, as well as the [Link Object](#link-object) `operationRef` field, and the URI form of the [Discriminator Object](#discriminator-object) `mapping` field, are used to identify the referenced elements. In a multi-document OAD, the document containing the OpenAPI Object where parsing begins is known as that OAD's **entry document**. From 8bc304c3cd6c0f2e3d6c4999c673f0e3b10cab18 Mon Sep 17 00:00:00 2001 From: Lorna Jane Mitchell Date: Thu, 10 Oct 2024 17:27:19 +0100 Subject: [PATCH 242/251] Update versions/3.0.4.md --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index ca341e9bc4..a0f1f249a1 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -132,7 +132,7 @@ It is RECOMMENDED that the entry document of an OAD be named: `openapi.json` or JSON or YAML objects within an OAD are interpreted as specific Objects (such as [Operation Objects](#operation-object), [Response Objects](#response-object), [Reference Objects](#reference-object), etc.) based on their context. Depending on how references are arranged, a given JSON or YAML object can be interpreted in multiple different contexts: * As the root object of the [entry document](#openapi-description-structure), which is always interpreted as an OpenAPI Object -* As the Object type implied by its parent Object within the OpenAPI Description +* As the Object type implied by its parent Object within the document * As a reference target, with the Object type matching the reference source's context If the same JSON/YAML object is parsed multiple times and the respective contexts require it to be parsed as _different_ Object types, the resulting behavior is _implementation defined_, and MAY be treated as an error if detected. An example would be referencing an empty Schema Object under `#/components/schemas` where a Path Item Object is expected, as an empty object is valid for both types. For maximum interoperability, it is RECOMMENDED that OpenAPI Description authors avoid such scenarios. From eb3c83399b1583bc96339e0a32d47056386a8d90 Mon Sep 17 00:00:00 2001 From: Vincent Biret Date: Thu, 3 Oct 2024 13:59:22 -0400 Subject: [PATCH 243/251] fix: clarifies wording for security requirements --- versions/3.0.4.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 82a7963e0f..18af555b0b 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -3726,10 +3726,11 @@ flows: Lists the required security schemes to execute this operation. The name used for each property MUST correspond to a security scheme declared in the [Security Schemes](#security-scheme-object) under the [Components Object](#components-object). -Security Requirement Objects that contain multiple schemes require that all schemes MUST be satisfied for a request to be authorized. +A Security Requirement Object MAY refer to multiple security schemes in which case all schemes MUST be satisfied for a request to be authorized. This enables support for scenarios where multiple query parameters or HTTP headers are required to convey security information. -When a list of Security Requirement Objects is defined on the [OpenAPI Object](#openapi-object) or [Operation Object](#operation-object), only one of the Security Requirement Objects in the list needs to be satisfied to authorize the request. +When the security field is defined on the [OpenAPI Object](#openapi-object) or [Operation Object](#operation-object) and contains multiple Security Requirement Objects, only one of the entries in the list needs to be satisfied to authorize the request. +This enables support for scenarios where the API supports alternative security schemes, or when they are optional. ##### Patterned Fields From 133352b1028bf3acb841dc2957ba31a8a233379e Mon Sep 17 00:00:00 2001 From: Vincent Biret Date: Mon, 7 Oct 2024 07:58:21 -0400 Subject: [PATCH 244/251] Apply suggestions from code review Co-authored-by: Ralf Handl Co-authored-by: Kevin Swiber --- versions/3.0.4.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 18af555b0b..85c0830e1e 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -3729,8 +3729,10 @@ The name used for each property MUST correspond to a security scheme declared in A Security Requirement Object MAY refer to multiple security schemes in which case all schemes MUST be satisfied for a request to be authorized. This enables support for scenarios where multiple query parameters or HTTP headers are required to convey security information. -When the security field is defined on the [OpenAPI Object](#openapi-object) or [Operation Object](#operation-object) and contains multiple Security Requirement Objects, only one of the entries in the list needs to be satisfied to authorize the request. -This enables support for scenarios where the API supports alternative security schemes, or when they are optional. +When the `security` field is defined on the [OpenAPI Object](#openapi-object) or [Operation Object](#operation-object) and contains multiple Security Requirement Objects, only one of the entries in the list needs to be satisfied to authorize the request. +This enables support for scenarios where the API allows multiple, independent security schemes. + +An empty Security Requirement Object (`{}`) indicates anonymous access is supported. ##### Patterned Fields From 6de8f7d8c97c96131d54d81bf0d6cd55d8f4abc7 Mon Sep 17 00:00:00 2001 From: Henry Andrews Date: Thu, 10 Oct 2024 11:46:08 -0700 Subject: [PATCH 245/251] Remove specific text for relative `operationRef` as it is being handled in the "resolving relative URLs" section Co-authored-by: Ralf Handl --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index a0f1f249a1..a78c3be340 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -2301,7 +2301,7 @@ For computing links and providing instructions to execute them, a [runtime expre | Field Name | Type | Description | | ---- | :----: | ---- | -| operationRef | `string` | A URI reference to an OAS operation. This field is mutually exclusive of the `operationId` field, and MUST point to an [Operation Object](#operation-object). Relative `operationRef` values MAY be used to locate an existing [Operation Object](#operation-object) in the OpenAPI Description. | +| operationRef | `string` | A URI reference to an OAS operation. This field is mutually exclusive of the `operationId` field, and MUST point to an [Operation Object](#operation-object). | | operationId | `string` | The name of an _existing_, resolvable OAS operation, as defined with a unique `operationId`. This field is mutually exclusive of the `operationRef` field. | | parameters | Map[`string`, Any \| [{expression}](#runtime-expressions)] | A map representing parameters to pass to an operation as specified with `operationId` or identified via `operationRef`. The key is the parameter name to be used (optionally qualified with the parameter location, e.g. `path.id` for an `id` parameter in the path), whereas the value can be a constant or an expression to be evaluated and passed to the linked operation. | | requestBody | Any \| [{expression}](#runtime-expressions) | A literal value or [{expression}](#runtime-expressions) to use as a request body when calling the target operation. | From 16403633fd1fbd6dbcb738af55946ddbdc3603e3 Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Thu, 10 Oct 2024 12:15:00 -0700 Subject: [PATCH 246/251] Note relative URL-reference resolution ambiguity This explicitly lists out the cases and notes which ones were (as far as we can recall) intended to behave like `$ref`, but could be reasonably read to behave like API URLs. --- versions/3.0.4.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 82a7963e0f..ae79e0f18d 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -232,10 +232,15 @@ OpenAPI Description authors SHOULD consider how text using such extensions will ### Relative References in URLs Unless specified otherwise, all fields that are URLs MAY be relative references as defined by [RFC3986](https://tools.ietf.org/html/rfc3986#section-4.2). + Relative references are resolved using the URLs defined in the [Server Object](#server-object) as a Base URI. Relative references used in `$ref` are processed as per [JSON Reference](https://tools.ietf.org/html/draft-pbryan-zyp-json-ref-03), using the URL of the current document as the base URI. See also the [Reference Object](#reference-object). +The wording above is intended to distinguish between API URLs (which use the Server Object to determine the base URI or the prefix for the URL path template), and OAD URLs (which use the current document's base URI per RFC3986). +However, only `$ref` was mentioned explicitly in versions 3.0.0 through 3.0.3 of this specification, leaving the behavior of the following fields ambiguous: the `operationRef` field of the [Link Object](#link-object), the URI form of the `mapping` field of the [Discriminator Object](#discriminator-object), the `externalValue` field of the [Example Object](#example-object), and the `url` fields of the [External Documentation](#external-documentation-object), [Contact](#contact-object), and [License](#license-object) Objects. +Therefore, which of the above two rules is used for each of these fields is _implementation-defined_, although it is RECOMMENDED to use the `$ref` process for all of them for compatibility with future versions of this specification. + Relative references in CommonMark hyperlinks are resolved in their rendered context, which might differ from the context of the API description. ### Schema From 4c3b2cc2ea98ab7ac0db28804ed1af7482fd5b6c Mon Sep 17 00:00:00 2001 From: Henry Andrews Date: Fri, 11 Oct 2024 11:47:58 -0700 Subject: [PATCH 247/251] Better use of defined terminology Co-authored-by: Ralf Handl --- versions/3.0.4.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index a78c3be340..23126ef1f3 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -258,9 +258,9 @@ This is the root object of the [OpenAPI Description](#openapi-description). | info | [Info Object](#info-object) | **REQUIRED**. Provides metadata about the API. The metadata MAY be used by tooling as required. | | servers | [[Server Object](#server-object)] | An array of Server Objects, which provide connectivity information to a target server. If the `servers` field is not provided, or is an empty array, the default value would be a [Server Object](#server-object) with a [url](#server-url) value of `/`. | | paths | [Paths Object](#paths-object) | **REQUIRED**. The available paths and operations for the API. | -| components | [Components Object](#components-object) | An element to hold various Objects for the description. | +| components | [Components Object](#components-object) | An element to hold various Objects for the OpenAPI Description. | | security | [[Security Requirement Object](#security-requirement-object)] | A declaration of which security mechanisms can be used across the API. The list of values includes alternative Security Requirement Objects that can be used. Only one of the Security Requirement Objects need to be satisfied to authorize a request. Individual operations can override this definition. The list can be incomplete, up to being empty or absent. To make security explicitly optional, an empty security requirement (`{}`) can be included in the array. | -| tags | [[Tag Object](#tag-object)] | A list of tags used by the description with additional metadata. The order of the tags can be used to reflect on their order by the parsing tools. Not all tags that are used by the [Operation Object](#operation-object) must be declared. The tags that are not declared MAY be organized randomly or based on the tools' logic. Each tag name in the list MUST be unique. | +| tags | [[Tag Object](#tag-object)] | A list of tags used by the OpenAPI Description with additional metadata. The order of the tags can be used to reflect on their order by the parsing tools. Not all tags that are used by the [Operation Object](#operation-object) must be declared. The tags that are not declared MAY be organized randomly or based on the tools' logic. Each tag name in the list MUST be unique. | | externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation. | This object MAY be extended with [Specification Extensions](#specification-extensions). From 5cb6de9c08bddaafcca60c696a3aab08272968fd Mon Sep 17 00:00:00 2001 From: "Henry H. Andrews" Date: Fri, 11 Oct 2024 12:42:20 -0700 Subject: [PATCH 248/251] Improve wording from review feedback Co-authored-by: Mike Kistler --- versions/3.0.4.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index ae79e0f18d..5329c824b1 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -237,9 +237,7 @@ Relative references are resolved using the URLs defined in the [Server Object](# Relative references used in `$ref` are processed as per [JSON Reference](https://tools.ietf.org/html/draft-pbryan-zyp-json-ref-03), using the URL of the current document as the base URI. See also the [Reference Object](#reference-object). -The wording above is intended to distinguish between API URLs (which use the Server Object to determine the base URI or the prefix for the URL path template), and OAD URLs (which use the current document's base URI per RFC3986). -However, only `$ref` was mentioned explicitly in versions 3.0.0 through 3.0.3 of this specification, leaving the behavior of the following fields ambiguous: the `operationRef` field of the [Link Object](#link-object), the URI form of the `mapping` field of the [Discriminator Object](#discriminator-object), the `externalValue` field of the [Example Object](#example-object), and the `url` fields of the [External Documentation](#external-documentation-object), [Contact](#contact-object), and [License](#license-object) Objects. -Therefore, which of the above two rules is used for each of these fields is _implementation-defined_, although it is RECOMMENDED to use the `$ref` process for all of them for compatibility with future versions of this specification. +It is _implementation_defined_ whether the resolution of relative references in each of the `operationRef` field of the [Link Object](#link-object), the URI form of the `mapping` field of the [Discriminator Object](#discriminator-object), the `externalValue` field of the [Example Object](#example-object), and the `url` fields of the [External Documentation](#external-documentation-object), [Contact](#contact-object), and [License](#license-object) Objects resolve by using the same process as `$ref` or by using the Server Object. For compatibility with future versions of this specification, the `$ref` process is RECOMMENDED for all of these fields. Relative references in CommonMark hyperlinks are resolved in their rendered context, which might differ from the context of the API description. From d6d8d5818ea79e269475c03c83c29d7f9f5511a0 Mon Sep 17 00:00:00 2001 From: Mike Kistler Date: Sat, 12 Oct 2024 17:43:49 -0600 Subject: [PATCH 249/251] Apply suggestions from PR review Co-authored-by: Henry Andrews --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 23126ef1f3..8372450fe8 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -382,7 +382,7 @@ An object representing a Server. | Field Name | Type | Description | | ---- | :----: | ---- | -| url | `string` | **REQUIRED**. A URL to the target host. This URL supports Server Variables and MAY be relative, to indicate that the host location is relative to the location where the entry document of the OpenAPI Description is being served. Variable substitutions will be made when a variable is named in `{`braces`}`. | +| url | `string` | **REQUIRED**. A URL to the target host. This URL supports Server Variables and MAY be relative, to indicate that the host location is relative to the location where the document containing the Server Object is being served. Variable substitutions will be made when a variable is named in `{`braces`}`. | | description | `string` | An optional string describing the host designated by the URL. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | variables | Map[`string`, [Server Variable Object](#server-variable-object)] | A map between a variable name and its value. The value is used for substitution in the server's URL template. | From 84557339bd79734ab4231144914284c63f3db678 Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Fri, 18 Oct 2024 10:21:10 +0200 Subject: [PATCH 250/251] Set release date --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 93da98b817..a21a305a43 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -3859,7 +3859,7 @@ Certain fields allow the use of Markdown which can contain HTML including script | Version | Date | Notes | | ---- | ---- | ---- | -| 3.0.4 | TBD | Patch release of the OpenAPI Specification 3.0.4 | +| 3.0.4 | 2024-10-17 | Patch release of the OpenAPI Specification 3.0.4 | | 3.0.3 | 2020-02-20 | Patch release of the OpenAPI Specification 3.0.3 | | 3.0.2 | 2018-10-08 | Patch release of the OpenAPI Specification 3.0.2 | | 3.0.1 | 2017-12-06 | Patch release of the OpenAPI Specification 3.0.1 | From 8608406b8e61ae3b645bd625e8b7e7fdd9d96575 Mon Sep 17 00:00:00 2001 From: Ralf Handl Date: Thu, 24 Oct 2024 18:15:15 +0200 Subject: [PATCH 251/251] Update 3.0.4.md --- versions/3.0.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/3.0.4.md b/versions/3.0.4.md index a21a305a43..90cdc0a229 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -3859,7 +3859,7 @@ Certain fields allow the use of Markdown which can contain HTML including script | Version | Date | Notes | | ---- | ---- | ---- | -| 3.0.4 | 2024-10-17 | Patch release of the OpenAPI Specification 3.0.4 | +| 3.0.4 | 2024-10-24 | Patch release of the OpenAPI Specification 3.0.4 | | 3.0.3 | 2020-02-20 | Patch release of the OpenAPI Specification 3.0.3 | | 3.0.2 | 2018-10-08 | Patch release of the OpenAPI Specification 3.0.2 | | 3.0.1 | 2017-12-06 | Patch release of the OpenAPI Specification 3.0.1 |